Admin Console Active vulnerability hash calculation #6897

Merged
merged 2 commits into from
Apr 16, 2024


jandro996
Member

@jandro996 jandro996 commented Apr 9, 2024

What Does This Do

The current implementation uses the default VulnerabilityTypeImpl, but this is conceptually wrong as there is no error in a file.

Change VulnerabilityType ADMIN_CONSOLE_ACTIVE implementation to ServiceVulnerabilityType

Motivation

Additional Notes

Jira ticket: APPSEC-52435

@jandro996 jandro996 added the comp: asm iast Application Security Management (IAST) label Apr 9, 2024
@jandro996 jandro996 changed the base branch from master to alejandro.gonzalez/remove_app_vuln_dedup April 9, 2024 06:56
@pr-commenter

pr-commenter bot commented Apr 9, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/change_admin_console_active_impl
git_commit_date 1713248465 1713249192
git_commit_sha 4c97fc1 5d0a522
release_version 1.33.0-SNAPSHOT~4c97fc1a28 1.33.0-SNAPSHOT~5d0a5221cc
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1713252535 1713252535
ci_job_id 487427247 487427247
ci_pipeline_id 32167935 32167935
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 16 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.081 s) : 0, 1081028
Total [baseline] (8.561 s) : 0, 8560654
Agent [candidate] (1.084 s) : 0, 1084132
Total [candidate] (8.583 s) : 0, 8582913
section iast
Agent [baseline] (1.197 s) : 0, 1196637
Total [baseline] (9.024 s) : 0, 9024044
Agent [candidate] (1.201 s) : 0, 1201112
Total [candidate] (9.031 s) : 0, 9030963
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.199 s) : 0, 1199444
Total [baseline] (9.019 s) : 0, 9019318
Agent [candidate] (1.21 s) : 0, 1209774
Total [candidate] (9.016 s) : 0, 9016480
section iast_TELEMETRY_OFF
Agent [baseline] (1.202 s) : 0, 1202408
Total [baseline] (9.053 s) : 0, 9052965
Agent [candidate] (1.198 s) : 0, 1198137
Total [candidate] (9.007 s) : 0, 9007021
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent iast 1.197 s 115.61 ms (10.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.199 s 118.416 ms (11.0%)
Agent iast_TELEMETRY_OFF 1.202 s 121.381 ms (11.2%)
Total tracing 8.561 s -
Total iast 9.024 s 463.39 ms (5.4%)
Total iast_HARDCODED_SECRET_DISABLED 9.019 s 458.663 ms (5.4%)
Total iast_TELEMETRY_OFF 9.053 s 492.311 ms (5.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent iast 1.201 s 116.98 ms (10.8%)
Agent iast_HARDCODED_SECRET_DISABLED 1.21 s 125.642 ms (11.6%)
Agent iast_TELEMETRY_OFF 1.198 s 114.005 ms (10.5%)
Total tracing 8.583 s -
Total iast 9.031 s 448.051 ms (5.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.016 s 433.567 ms (5.1%)
Total iast_TELEMETRY_OFF 9.007 s 424.109 ms (4.9%)
gantt
    title insecure-bank - break down per module: candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (677.746 ms) : 0, 677746
BytebuddyAgent [candidate] (679.275 ms) : 0, 679275
GlobalTracer [baseline] (311.003 ms) : 0, 311003
GlobalTracer [candidate] (312.092 ms) : 0, 312092
AppSec [baseline] (49.491 ms) : 0, 49491
AppSec [candidate] (49.77 ms) : 0, 49770
Remote Config [baseline] (655.579 µs) : 0, 656
Remote Config [candidate] (665.35 µs) : 0, 665
Telemetry [baseline] (7.57 ms) : 0, 7570
Telemetry [candidate] (7.67 ms) : 0, 7670
section iast
BytebuddyAgent [baseline] (793.744 ms) : 0, 793744
BytebuddyAgent [candidate] (795.596 ms) : 0, 795596
GlobalTracer [baseline] (287.127 ms) : 0, 287127
GlobalTracer [candidate] (289.145 ms) : 0, 289145
AppSec [baseline] (50.655 ms) : 0, 50655
AppSec [candidate] (50.237 ms) : 0, 50237
IAST [baseline] (23.593 ms) : 0, 23593
IAST [candidate] (23.624 ms) : 0, 23624
Remote Config [baseline] (571.254 µs) : 0, 571
Remote Config [candidate] (591.323 µs) : 0, 591
Telemetry [baseline] (6.557 ms) : 0, 6557
Telemetry [candidate] (7.37 ms) : 0, 7370
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (794.91 ms) : 0, 794910
BytebuddyAgent [candidate] (801.824 ms) : 0, 801824
GlobalTracer [baseline] (288.325 ms) : 0, 288325
GlobalTracer [candidate] (291.018 ms) : 0, 291018
AppSec [baseline] (51.093 ms) : 0, 51093
AppSec [candidate] (52.782 ms) : 0, 52782
IAST [baseline] (22.654 ms) : 0, 22654
IAST [candidate] (22.139 ms) : 0, 22139
Remote Config [baseline] (591.373 µs) : 0, 591
Remote Config [candidate] (618.576 µs) : 0, 619
Telemetry [baseline] (7.418 ms) : 0, 7418
Telemetry [candidate] (6.727 ms) : 0, 6727
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (796.671 ms) : 0, 796671
BytebuddyAgent [candidate] (793.273 ms) : 0, 793273
GlobalTracer [baseline] (289.38 ms) : 0, 289380
GlobalTracer [candidate] (288.94 ms) : 0, 288940
AppSec [baseline] (49.605 ms) : 0, 49605
AppSec [candidate] (47.931 ms) : 0, 47931
IAST [baseline] (23.435 ms) : 0, 23435
IAST [candidate] (24.934 ms) : 0, 24934
Remote Config [baseline] (583.044 µs) : 0, 583
Remote Config [candidate] (582.318 µs) : 0, 582
Telemetry [baseline] (8.078 ms) : 0, 8078
Telemetry [candidate] (8.026 ms) : 0, 8026
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.083 s) : 0, 1083426
Total [baseline] (10.335 s) : 0, 10335060
Agent [candidate] (1.085 s) : 0, 1084682
Total [candidate] (10.377 s) : 0, 10376863
section appsec
Agent [baseline] (1.195 s) : 0, 1195403
Total [baseline] (10.545 s) : 0, 10545259
Agent [candidate] (1.199 s) : 0, 1198610
Total [candidate] (10.502 s) : 0, 10501905
section iast
Agent [baseline] (1.198 s) : 0, 1198243
Total [baseline] (10.787 s) : 0, 10786734
Agent [candidate] (1.217 s) : 0, 1216683
Total [candidate] (10.777 s) : 0, 10776660
section profiling
Agent [baseline] (1.276 s) : 0, 1275960
Total [baseline] (10.618 s) : 0, 10618204
Agent [candidate] (1.27 s) : 0, 1269915
Total [candidate] (10.68 s) : 0, 10679721
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent appsec 1.195 s 111.976 ms (10.3%)
Agent iast 1.198 s 114.817 ms (10.6%)
Agent profiling 1.276 s 192.534 ms (17.8%)
Total tracing 10.335 s -
Total appsec 10.545 s 210.199 ms (2.0%)
Total iast 10.787 s 451.674 ms (4.4%)
Total profiling 10.618 s 283.144 ms (2.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent appsec 1.199 s 113.928 ms (10.5%)
Agent iast 1.217 s 132.002 ms (12.2%)
Agent profiling 1.27 s 185.233 ms (17.1%)
Total tracing 10.377 s -
Total appsec 10.502 s 125.042 ms (1.2%)
Total iast 10.777 s 399.796 ms (3.9%)
Total profiling 10.68 s 302.858 ms (2.9%)
gantt
    title petclinic - break down per module: candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (678.832 ms) : 0, 678832
BytebuddyAgent [candidate] (679.141 ms) : 0, 679141
GlobalTracer [baseline] (311.591 ms) : 0, 311591
GlobalTracer [candidate] (312.696 ms) : 0, 312696
AppSec [baseline] (49.935 ms) : 0, 49935
AppSec [candidate] (49.883 ms) : 0, 49883
Remote Config [baseline] (667.995 µs) : 0, 668
Remote Config [candidate] (662.721 µs) : 0, 663
Telemetry [baseline] (7.694 ms) : 0, 7694
Telemetry [candidate] (7.648 ms) : 0, 7648
section appsec
BytebuddyAgent [baseline] (693.487 ms) : 0, 693487
BytebuddyAgent [candidate] (695.825 ms) : 0, 695825
GlobalTracer [baseline] (289.891 ms) : 0, 289891
GlobalTracer [candidate] (292.084 ms) : 0, 292084
AppSec [baseline] (148.918 ms) : 0, 148918
AppSec [candidate] (149.941 ms) : 0, 149941
IAST [baseline] (18.76 ms) : 0, 18760
IAST [candidate] (18.845 ms) : 0, 18845
Remote Config [baseline] (606.828 µs) : 0, 607
Remote Config [candidate] (606.871 µs) : 0, 607
Telemetry [baseline] (9.381 ms) : 0, 9381
Telemetry [candidate] (6.812 ms) : 0, 6812
section iast
BytebuddyAgent [baseline] (795.236 ms) : 0, 795236
BytebuddyAgent [candidate] (806.526 ms) : 0, 806526
GlobalTracer [baseline] (287.993 ms) : 0, 287993
GlobalTracer [candidate] (292.53 ms) : 0, 292530
AppSec [baseline] (48.956 ms) : 0, 48956
AppSec [candidate] (49.975 ms) : 0, 49975
IAST [baseline] (24.547 ms) : 0, 24547
IAST [candidate] (24.801 ms) : 0, 24801
Remote Config [baseline] (592.976 µs) : 0, 593
Remote Config [candidate] (589.896 µs) : 0, 590
Telemetry [baseline] (6.576 ms) : 0, 6576
Telemetry [candidate] (7.466 ms) : 0, 7466
section profiling
BytebuddyAgent [baseline] (681.953 ms) : 0, 681953
BytebuddyAgent [candidate] (678.215 ms) : 0, 678215
GlobalTracer [baseline] (381.767 ms) : 0, 381767
GlobalTracer [candidate] (380.64 ms) : 0, 380640
AppSec [baseline] (50.652 ms) : 0, 50652
AppSec [candidate] (50.344 ms) : 0, 50344
Remote Config [baseline] (733.611 µs) : 0, 734
Remote Config [candidate] (729.111 µs) : 0, 729
Telemetry [baseline] (7.515 ms) : 0, 7515
Telemetry [candidate] (7.435 ms) : 0, 7435
ProfilingAgent [baseline] (96.641 ms) : 0, 96641
ProfilingAgent [candidate] (96.119 ms) : 0, 96119
Profiling [baseline] (96.665 ms) : 0, 96665
Profiling [candidate] (96.143 ms) : 0, 96143

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-04-16T07:01:15 2024-04-16T07:23:12
git_branch master alejandro.gonzalez/change_admin_console_active_impl
git_commit_date 1713248465 1713249192
git_commit_sha 4c97fc1 5d0a522
release_version 1.33.0-SNAPSHOT~4c97fc1a28 1.33.0-SNAPSHOT~5d0a5221cc
start_time 2024-04-16T07:01:02 2024-04-16T07:22:59
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1713252535 1713252535
ci_job_id 487427247 487427247
ci_pipeline_id 32167935 32167935
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28
    dateFormat X
    axisFormat %s
section baseline
no_agent (360.659 µs) : 341, 380
.   : milestone, 361,
iast (470.947 µs) : 450, 492
.   : milestone, 471,
iast_FULL (537.568 µs) : 516, 559
.   : milestone, 538,
iast_GLOBAL (503.393 µs) : 480, 526
.   : milestone, 503,
iast_HARDCODED_SECRET_DISABLED (476.582 µs) : 455, 498
.   : milestone, 477,
iast_INACTIVE (446.453 µs) : 426, 467
.   : milestone, 446,
iast_TELEMETRY_OFF (470.94 µs) : 450, 492
.   : milestone, 471,
tracing (437.488 µs) : 417, 458
.   : milestone, 437,
section candidate
no_agent (367.405 µs) : 348, 387
.   : milestone, 367,
iast (472.021 µs) : 451, 493
.   : milestone, 472,
iast_FULL (539.684 µs) : 519, 561
.   : milestone, 540,
iast_GLOBAL (490.366 µs) : 468, 512
.   : milestone, 490,
iast_HARDCODED_SECRET_DISABLED (469.569 µs) : 448, 491
.   : milestone, 470,
iast_INACTIVE (446.213 µs) : 426, 466
.   : milestone, 446,
iast_TELEMETRY_OFF (468.898 µs) : 447, 491
.   : milestone, 469,
tracing (450.105 µs) : 430, 471
.   : milestone, 450,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 360.659 µs [340.864 µs, 380.453 µs] -
iast 470.947 µs [449.689 µs, 492.205 µs] 110.288 µs (30.6%)
iast_FULL 537.568 µs [516.449 µs, 558.687 µs] 176.91 µs (49.1%)
iast_GLOBAL 503.393 µs [480.441 µs, 526.345 µs] 142.734 µs (39.6%)
iast_HARDCODED_SECRET_DISABLED 476.582 µs [454.966 µs, 498.198 µs] 115.923 µs (32.1%)
iast_INACTIVE 446.453 µs [425.566 µs, 467.34 µs] 85.795 µs (23.8%)
iast_TELEMETRY_OFF 470.94 µs [449.557 µs, 492.323 µs] 110.281 µs (30.6%)
tracing 437.488 µs [417.454 µs, 457.523 µs] 76.83 µs (21.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 367.405 µs [347.812 µs, 386.999 µs] -
iast 472.021 µs [451.031 µs, 493.011 µs] 104.616 µs (28.5%)
iast_FULL 539.684 µs [518.616 µs, 560.752 µs] 172.278 µs (46.9%)
iast_GLOBAL 490.366 µs [468.335 µs, 512.397 µs] 122.96 µs (33.5%)
iast_HARDCODED_SECRET_DISABLED 469.569 µs [448.093 µs, 491.046 µs] 102.164 µs (27.8%)
iast_INACTIVE 446.213 µs [425.942 µs, 466.484 µs] 78.808 µs (21.4%)
iast_TELEMETRY_OFF 468.898 µs [447.072 µs, 490.723 µs] 101.492 µs (27.6%)
tracing 450.105 µs [429.605 µs, 470.605 µs] 82.7 µs (22.5%)
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~5d0a5221cc, baseline=1.33.0-SNAPSHOT~4c97fc1a28
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.348 ms) : 1329, 1366
.   : milestone, 1348,
appsec (1.707 ms) : 1683, 1731
.   : milestone, 1707,
appsec_no_iast (1.726 ms) : 1702, 1750
.   : milestone, 1726,
iast (1.498 ms) : 1476, 1520
.   : milestone, 1498,
profiling (1.495 ms) : 1470, 1520
.   : milestone, 1495,
tracing (1.465 ms) : 1441, 1490
.   : milestone, 1465,
section candidate
no_agent (1.357 ms) : 1338, 1376
.   : milestone, 1357,
appsec (1.723 ms) : 1700, 1747
.   : milestone, 1723,
appsec_no_iast (1.717 ms) : 1693, 1741
.   : milestone, 1717,
iast (1.482 ms) : 1459, 1505
.   : milestone, 1482,
profiling (1.505 ms) : 1479, 1531
.   : milestone, 1505,
tracing (1.492 ms) : 1468, 1516
.   : milestone, 1492,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.348 ms [1.329 ms, 1.366 ms] -
appsec 1.707 ms [1.683 ms, 1.731 ms] 359.388 µs (26.7%)
appsec_no_iast 1.726 ms [1.702 ms, 1.75 ms] 378.401 µs (28.1%)
iast 1.498 ms [1.476 ms, 1.52 ms] 150.377 µs (11.2%)
profiling 1.495 ms [1.47 ms, 1.52 ms] 147.531 µs (10.9%)
tracing 1.465 ms [1.441 ms, 1.49 ms] 117.751 µs (8.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.357 ms [1.338 ms, 1.376 ms] -
appsec 1.723 ms [1.7 ms, 1.747 ms] 366.134 µs (27.0%)
appsec_no_iast 1.717 ms [1.693 ms, 1.741 ms] 359.939 µs (26.5%)
iast 1.482 ms [1.459 ms, 1.505 ms] 124.67 µs (9.2%)
profiling 1.505 ms [1.479 ms, 1.531 ms] 148.206 µs (10.9%)
tracing 1.492 ms [1.468 ms, 1.516 ms] 134.563 µs (9.9%)

@jandro996 jandro996 marked this pull request as ready for review April 9, 2024 09:40
@jandro996 jandro996 requested a review from a team as a code owner April 9, 2024 09:40
Base automatically changed from alejandro.gonzalez/remove_app_vuln_dedup to master April 16, 2024 06:21
@jandro996 jandro996 force-pushed the alejandro.gonzalez/change_admin_console_active_impl branch from a5edcf6 to 99b05dd Compare April 16, 2024 06:26
@jandro996 jandro996 merged commit 0e0654b into master Apr 16, 2024
77 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/change_admin_console_active_impl branch April 16, 2024 10:53
@github-actions github-actions bot added this to the 1.33.0 milestone Apr 16, 2024
Labels
comp: asm iast Application Security Management (IAST)
2 participants