Ensure cached subscriptions are cleared on reconfiguration via RC #8229

manuel-alvarez-alvarez · 2025-01-16T12:57:07Z

What Does This Do

Clears all cached subscriptions when a new configuration is pulled from RC.

Motivation

In certain scenarios (specially in system-tests) configs might contain rules only for a subset of addresses, meanwhile a future config might change them completely. Every time we pull a new configuration from RC we must clear all cached subscriptions to ensure consistency.

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-56377

dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java

pr-commenter · 2025-01-16T13:38:35Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-fix-cached-subscriptions
git_commit_date	1737027556	1737036122
git_commit_sha	`ae1aa30`	`47af939`
release_version	1.46.0-SNAPSHOT~ae1aa30548	1.46.0-SNAPSHOT~47af939ee7

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1737038538	1737038538
ci_job_id	768967584	768967584
ci_pipeline_id	53184915	53184915
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 2 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.058 s) : 0, 1057988
Total [baseline] (8.629 s) : 0, 8628984
Agent [candidate] (1.058 s) : 0, 1057524
Total [candidate] (8.619 s) : 0, 8619471
section iast
Agent [baseline] (1.183 s) : 0, 1182588
Total [baseline] (9.171 s) : 0, 9170562
Agent [candidate] (1.183 s) : 0, 1182767
Total [candidate] (9.207 s) : 0, 9207203
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.185 s) : 0, 1184828
Total [baseline] (9.197 s) : 0, 9196761
Agent [candidate] (1.183 s) : 0, 1182788
Total [candidate] (9.22 s) : 0, 9220345
section iast_TELEMETRY_OFF
Agent [baseline] (1.185 s) : 0, 1185132
Total [baseline] (9.218 s) : 0, 9218314
Agent [candidate] (1.178 s) : 0, 1177855
Total [candidate] (9.202 s) : 0, 9202010

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.058 s	-
Agent	iast	1.183 s	124.601 ms (11.8%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.185 s	126.841 ms (12.0%)
Agent	iast_TELEMETRY_OFF	1.185 s	127.145 ms (12.0%)
Total	tracing	8.629 s	-
Total	iast	9.171 s	541.578 ms (6.3%)
Total	iast_HARDCODED_SECRET_DISABLED	9.197 s	567.777 ms (6.6%)
Total	iast_TELEMETRY_OFF	9.218 s	589.33 ms (6.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.058 s	-
Agent	iast	1.183 s	125.242 ms (11.8%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.183 s	125.264 ms (11.8%)
Agent	iast_TELEMETRY_OFF	1.178 s	120.331 ms (11.4%)
Total	tracing	8.619 s	-
Total	iast	9.207 s	587.733 ms (6.8%)
Total	iast_HARDCODED_SECRET_DISABLED	9.22 s	600.874 ms (7.0%)
Total	iast_TELEMETRY_OFF	9.202 s	582.539 ms (6.8%)

gantt
    title insecure-bank - break down per module: candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.675 ms) : 0, 714675
BytebuddyAgent [candidate] (715.051 ms) : 0, 715051
GlobalTracer [baseline] (256.406 ms) : 0, 256406
GlobalTracer [candidate] (256.103 ms) : 0, 256103
AppSec [baseline] (56.864 ms) : 0, 56864
AppSec [candidate] (56.927 ms) : 0, 56927
Remote Config [baseline] (718.247 µs) : 0, 718
Remote Config [candidate] (729.227 µs) : 0, 729
Telemetry [baseline] (14.284 ms) : 0, 14284
Telemetry [candidate] (13.696 ms) : 0, 13696
section iast
BytebuddyAgent [baseline] (831.691 ms) : 0, 831691
BytebuddyAgent [candidate] (831.832 ms) : 0, 831832
GlobalTracer [baseline] (247.054 ms) : 0, 247054
GlobalTracer [candidate] (247.006 ms) : 0, 247006
AppSec [baseline] (57.98 ms) : 0, 57980
AppSec [candidate] (57.885 ms) : 0, 57885
Remote Config [baseline] (671.763 µs) : 0, 672
Remote Config [candidate] (677.888 µs) : 0, 678
Telemetry [baseline] (8.746 ms) : 0, 8746
Telemetry [candidate] (8.793 ms) : 0, 8793
IAST [baseline] (21.441 ms) : 0, 21441
IAST [candidate] (21.527 ms) : 0, 21527
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (833.761 ms) : 0, 833761
BytebuddyAgent [candidate] (831.235 ms) : 0, 831235
GlobalTracer [baseline] (246.75 ms) : 0, 246750
GlobalTracer [candidate] (246.801 ms) : 0, 246801
AppSec [baseline] (58.299 ms) : 0, 58299
AppSec [candidate] (58.36 ms) : 0, 58360
Remote Config [baseline] (683.609 µs) : 0, 684
Remote Config [candidate] (682.078 µs) : 0, 682
Telemetry [baseline] (8.713 ms) : 0, 8713
Telemetry [candidate] (8.904 ms) : 0, 8904
IAST [baseline] (21.522 ms) : 0, 21522
IAST [candidate] (21.688 ms) : 0, 21688
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (835.498 ms) : 0, 835498
BytebuddyAgent [candidate] (828.279 ms) : 0, 828279
GlobalTracer [baseline] (246.86 ms) : 0, 246860
GlobalTracer [candidate] (246.553 ms) : 0, 246553
AppSec [baseline] (57.562 ms) : 0, 57562
AppSec [candidate] (57.757 ms) : 0, 57757
Remote Config [baseline] (661.506 µs) : 0, 662
Remote Config [candidate] (657.431 µs) : 0, 657
Telemetry [baseline] (8.689 ms) : 0, 8689
Telemetry [candidate] (8.55 ms) : 0, 8550
IAST [baseline] (20.802 ms) : 0, 20802
IAST [candidate] (20.983 ms) : 0, 20983

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.056 s) : 0, 1056263
Total [baseline] (10.486 s) : 0, 10486117
Agent [candidate] (1.064 s) : 0, 1064163
Total [candidate] (10.59 s) : 0, 10590449
section appsec
Agent [baseline] (1.194 s) : 0, 1193597
Total [baseline] (10.745 s) : 0, 10745213
Agent [candidate] (1.194 s) : 0, 1193924
Total [candidate] (10.747 s) : 0, 10747416
section iast
Agent [baseline] (1.191 s) : 0, 1191257
Total [baseline] (11.037 s) : 0, 11036935
Agent [candidate] (1.187 s) : 0, 1186567
Total [candidate] (11.072 s) : 0, 11071826
section profiling
Agent [baseline] (1.255 s) : 0, 1254948
Total [baseline] (10.884 s) : 0, 10883890
Agent [candidate] (1.255 s) : 0, 1255291
Total [candidate] (10.896 s) : 0, 10895919

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.056 s	-
Agent	appsec	1.194 s	137.333 ms (13.0%)
Agent	iast	1.191 s	134.994 ms (12.8%)
Agent	profiling	1.255 s	198.684 ms (18.8%)
Total	tracing	10.486 s	-
Total	appsec	10.745 s	259.096 ms (2.5%)
Total	iast	11.037 s	550.818 ms (5.3%)
Total	profiling	10.884 s	397.773 ms (3.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.064 s	-
Agent	appsec	1.194 s	129.761 ms (12.2%)
Agent	iast	1.187 s	122.404 ms (11.5%)
Agent	profiling	1.255 s	191.128 ms (18.0%)
Total	tracing	10.59 s	-
Total	appsec	10.747 s	156.967 ms (1.5%)
Total	iast	11.072 s	481.377 ms (4.5%)
Total	profiling	10.896 s	305.47 ms (2.9%)

gantt
    title petclinic - break down per module: candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.116 ms) : 0, 714116
BytebuddyAgent [candidate] (721.638 ms) : 0, 721638
GlobalTracer [baseline] (255.937 ms) : 0, 255937
GlobalTracer [candidate] (258.411 ms) : 0, 258411
AppSec [baseline] (56.067 ms) : 0, 56067
AppSec [candidate] (55.942 ms) : 0, 55942
Remote Config [baseline] (724.1 µs) : 0, 724
Remote Config [candidate] (749.549 µs) : 0, 750
Telemetry [baseline] (14.359 ms) : 0, 14359
Telemetry [candidate] (12.21 ms) : 0, 12210
section appsec
BytebuddyAgent [baseline] (734.219 ms) : 0, 734219
BytebuddyAgent [candidate] (734.299 ms) : 0, 734299
GlobalTracer [baseline] (253.806 ms) : 0, 253806
GlobalTracer [candidate] (254.171 ms) : 0, 254171
AppSec [baseline] (171.729 ms) : 0, 171729
AppSec [candidate] (171.629 ms) : 0, 171629
Remote Config [baseline] (667.383 µs) : 0, 667
Remote Config [candidate] (675.182 µs) : 0, 675
Telemetry [baseline] (8.245 ms) : 0, 8245
Telemetry [candidate] (8.23 ms) : 0, 8230
IAST [baseline] (19.608 ms) : 0, 19608
IAST [candidate] (19.584 ms) : 0, 19584
section iast
BytebuddyAgent [baseline] (838.568 ms) : 0, 838568
BytebuddyAgent [candidate] (834.926 ms) : 0, 834926
GlobalTracer [baseline] (248.001 ms) : 0, 248001
GlobalTracer [candidate] (247.568 ms) : 0, 247568
AppSec [baseline] (58.343 ms) : 0, 58343
AppSec [candidate] (58.027 ms) : 0, 58027
Remote Config [baseline] (675.652 µs) : 0, 676
Remote Config [candidate] (671.232 µs) : 0, 671
Telemetry [baseline] (8.902 ms) : 0, 8902
Telemetry [candidate] (8.745 ms) : 0, 8745
IAST [baseline] (21.687 ms) : 0, 21687
IAST [candidate] (21.547 ms) : 0, 21547
section profiling
BytebuddyAgent [baseline] (703.493 ms) : 0, 703493
BytebuddyAgent [candidate] (703.79 ms) : 0, 703790
GlobalTracer [baseline] (348.601 ms) : 0, 348601
GlobalTracer [candidate] (350.69 ms) : 0, 350690
AppSec [baseline] (55.845 ms) : 0, 55845
AppSec [candidate] (53.83 ms) : 0, 53830
Remote Config [baseline] (669.979 µs) : 0, 670
Remote Config [candidate] (698.842 µs) : 0, 699
Telemetry [baseline] (8.797 ms) : 0, 8797
Telemetry [candidate] (8.712 ms) : 0, 8712
ProfilingAgent [baseline] (95.605 ms) : 0, 95605
ProfilingAgent [candidate] (95.424 ms) : 0, 95424
Profiling [baseline] (95.629 ms) : 0, 95629
Profiling [candidate] (95.449 ms) : 0, 95449

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-01-16T14:12:30	2025-01-16T14:19:37
git_branch	master	malvarez/waf-fix-cached-subscriptions
git_commit_date	1737027556	1737036122
git_commit_sha	`ae1aa30`	`47af939`
release_version	1.46.0-SNAPSHOT~ae1aa30548	1.46.0-SNAPSHOT~47af939ee7
start_time	2025-01-16T14:12:16	2025-01-16T14:19:23

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1737037539	1737037539
ci_job_id	768967586	768967586
ci_pipeline_id	53184915	53184915
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548
    dateFormat X
    axisFormat %s
section baseline
no_agent (383.195 µs) : 363, 403
.   : milestone, 383,
iast (517.254 µs) : 495, 539
.   : milestone, 517,
iast_FULL (747.753 µs) : 726, 770
.   : milestone, 748,
iast_GLOBAL (558.357 µs) : 537, 580
.   : milestone, 558,
iast_HARDCODED_SECRET_DISABLED (514.338 µs) : 493, 536
.   : milestone, 514,
iast_INACTIVE (467.733 µs) : 446, 489
.   : milestone, 468,
iast_TELEMETRY_OFF (501.377 µs) : 479, 523
.   : milestone, 501,
tracing (459.276 µs) : 438, 480
.   : milestone, 459,
section candidate
no_agent (386.653 µs) : 367, 406
.   : milestone, 387,
iast (513.064 µs) : 491, 535
.   : milestone, 513,
iast_FULL (749.791 µs) : 728, 772
.   : milestone, 750,
iast_GLOBAL (563.517 µs) : 542, 585
.   : milestone, 564,
iast_HARDCODED_SECRET_DISABLED (518.184 µs) : 496, 540
.   : milestone, 518,
iast_INACTIVE (463.515 µs) : 442, 485
.   : milestone, 464,
iast_TELEMETRY_OFF (506.593 µs) : 484, 529
.   : milestone, 507,
tracing (453.271 µs) : 433, 474
.   : milestone, 453,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	383.195 µs [363.23 µs, 403.16 µs]	-
iast	517.254 µs [495.307 µs, 539.2 µs]	134.059 µs (35.0%)
iast_FULL	747.753 µs [725.715 µs, 769.79 µs]	364.558 µs (95.1%)
iast_GLOBAL	558.357 µs [536.691 µs, 580.023 µs]	175.163 µs (45.7%)
iast_HARDCODED_SECRET_DISABLED	514.338 µs [492.932 µs, 535.745 µs]	131.144 µs (34.2%)
iast_INACTIVE	467.733 µs [446.393 µs, 489.074 µs]	84.539 µs (22.1%)
iast_TELEMETRY_OFF	501.377 µs [479.327 µs, 523.427 µs]	118.182 µs (30.8%)
tracing	459.276 µs [438.434 µs, 480.117 µs]	76.081 µs (19.9%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	386.653 µs [367.088 µs, 406.217 µs]	-
iast	513.064 µs [491.23 µs, 534.897 µs]	126.411 µs (32.7%)
iast_FULL	749.791 µs [727.851 µs, 771.73 µs]	363.138 µs (93.9%)
iast_GLOBAL	563.517 µs [541.827 µs, 585.207 µs]	176.864 µs (45.7%)
iast_HARDCODED_SECRET_DISABLED	518.184 µs [496.433 µs, 539.935 µs]	131.532 µs (34.0%)
iast_INACTIVE	463.515 µs [442.142 µs, 484.888 µs]	76.862 µs (19.9%)
iast_TELEMETRY_OFF	506.593 µs [484.498 µs, 528.688 µs]	119.94 µs (31.0%)
tracing	453.271 µs [432.91 µs, 473.633 µs]	66.619 µs (17.2%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.358 ms) : 1338, 1378
.   : milestone, 1358,
appsec (1.748 ms) : 1723, 1774
.   : milestone, 1748,
appsec_no_iast (1.764 ms) : 1739, 1789
.   : milestone, 1764,
iast (1.515 ms) : 1491, 1540
.   : milestone, 1515,
profiling (1.582 ms) : 1557, 1607
.   : milestone, 1582,
tracing (1.488 ms) : 1463, 1514
.   : milestone, 1488,
section candidate
no_agent (1.363 ms) : 1343, 1382
.   : milestone, 1363,
appsec (1.766 ms) : 1742, 1790
.   : milestone, 1766,
appsec_no_iast (1.769 ms) : 1744, 1793
.   : milestone, 1769,
iast (1.509 ms) : 1484, 1534
.   : milestone, 1509,
profiling (1.556 ms) : 1532, 1581
.   : milestone, 1556,
tracing (1.495 ms) : 1469, 1520
.   : milestone, 1495,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.358 ms [1.338 ms, 1.378 ms]	-
appsec	1.748 ms [1.723 ms, 1.774 ms]	390.372 µs (28.7%)
appsec_no_iast	1.764 ms [1.739 ms, 1.789 ms]	406.001 µs (29.9%)
iast	1.515 ms [1.491 ms, 1.54 ms]	157.468 µs (11.6%)
profiling	1.582 ms [1.557 ms, 1.607 ms]	224.212 µs (16.5%)
tracing	1.488 ms [1.463 ms, 1.514 ms]	130.351 µs (9.6%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.363 ms [1.343 ms, 1.382 ms]	-
appsec	1.766 ms [1.742 ms, 1.79 ms]	403.417 µs (29.6%)
appsec_no_iast	1.769 ms [1.744 ms, 1.793 ms]	405.591 µs (29.8%)
iast	1.509 ms [1.484 ms, 1.534 ms]	145.822 µs (10.7%)
profiling	1.556 ms [1.532 ms, 1.581 ms]	193.224 µs (14.2%)
tracing	1.495 ms [1.469 ms, 1.52 ms]	131.869 µs (9.7%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-fix-cached-subscriptions
git_commit_date	1737027556	1737036122
git_commit_sha	`ae1aa30`	`47af939`
release_version	1.46.0-SNAPSHOT~ae1aa30548	1.46.0-SNAPSHOT~47af939ee7

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1737038066	1737038066
ci_job_id	768967587	768967587
ci_pipeline_id	53184915	53184915
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.561 s) : 15561000, 15561000
.   : milestone, 15561000,
appsec (14.807 s) : 14807000, 14807000
.   : milestone, 14807000,
iast (18.88 s) : 18880000, 18880000
.   : milestone, 18880000,
iast_GLOBAL (18.01 s) : 18010000, 18010000
.   : milestone, 18010000,
profiling (15.08 s) : 15080000, 15080000
.   : milestone, 15080000,
tracing (14.77 s) : 14770000, 14770000
.   : milestone, 14770000,
section candidate
no_agent (14.939 s) : 14939000, 14939000
.   : milestone, 14939000,
appsec (14.971 s) : 14971000, 14971000
.   : milestone, 14971000,
iast (18.256 s) : 18256000, 18256000
.   : milestone, 18256000,
iast_GLOBAL (17.846 s) : 17846000, 17846000
.   : milestone, 17846000,
profiling (15.163 s) : 15163000, 15163000
.   : milestone, 15163000,
tracing (15.227 s) : 15227000, 15227000
.   : milestone, 15227000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.561 s [15.561 s, 15.561 s]	-
appsec	14.807 s [14.807 s, 14.807 s]	-754.0 ms (-4.8%)
iast	18.88 s [18.88 s, 18.88 s]	3.319 s (21.3%)
iast_GLOBAL	18.01 s [18.01 s, 18.01 s]	2.449 s (15.7%)
profiling	15.08 s [15.08 s, 15.08 s]	-481.0 ms (-3.1%)
tracing	14.77 s [14.77 s, 14.77 s]	-791.0 ms (-5.1%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.939 s [14.939 s, 14.939 s]	-
appsec	14.971 s [14.971 s, 14.971 s]	32.0 ms (0.2%)
iast	18.256 s [18.256 s, 18.256 s]	3.317 s (22.2%)
iast_GLOBAL	17.846 s [17.846 s, 17.846 s]	2.907 s (19.5%)
profiling	15.163 s [15.163 s, 15.163 s]	224.0 ms (1.5%)
tracing	15.227 s [15.227 s, 15.227 s]	288.0 ms (1.9%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~47af939ee7, baseline=1.46.0-SNAPSHOT~ae1aa30548
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (2.364 ms) : 2321, 2407
.   : milestone, 2364,
iast (2.111 ms) : 2056, 2165
.   : milestone, 2111,
iast_GLOBAL (2.152 ms) : 2097, 2206
.   : milestone, 2152,
profiling (2.465 ms) : 2278, 2652
.   : milestone, 2465,
tracing (1.949 ms) : 1907, 1990
.   : milestone, 1949,
section candidate
no_agent (1.469 ms) : 1458, 1481
.   : milestone, 1469,
appsec (2.364 ms) : 2321, 2407
.   : milestone, 2364,
iast (2.111 ms) : 2057, 2166
.   : milestone, 2111,
iast_GLOBAL (2.146 ms) : 2092, 2201
.   : milestone, 2146,
profiling (1.978 ms) : 1935, 2022
.   : milestone, 1978,
tracing (1.942 ms) : 1900, 1984
.   : milestone, 1942,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.457 ms, 1.48 ms]	-
appsec	2.364 ms [2.321 ms, 2.407 ms]	895.357 µs (61.0%)
iast	2.111 ms [2.056 ms, 2.165 ms]	642.146 µs (43.7%)
iast_GLOBAL	2.152 ms [2.097 ms, 2.206 ms]	682.868 µs (46.5%)
profiling	2.465 ms [2.278 ms, 2.652 ms]	996.019 µs (67.8%)
tracing	1.949 ms [1.907 ms, 1.99 ms]	480.058 µs (32.7%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.458 ms, 1.481 ms]	-
appsec	2.364 ms [2.321 ms, 2.407 ms]	894.644 µs (60.9%)
iast	2.111 ms [2.057 ms, 2.166 ms]	641.993 µs (43.7%)
iast_GLOBAL	2.146 ms [2.092 ms, 2.201 ms]	677.247 µs (46.1%)
profiling	1.978 ms [1.935 ms, 2.022 ms]	509.139 µs (34.7%)
tracing	1.942 ms [1.9 ms, 1.984 ms]	472.802 µs (32.2%)

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.25.4` -> `2.26.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | --- ### Release Notes <details> <summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary> ### [`v2.26.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2260-2025-01-29) ##### Features - Add firestoreInDatastoreMode for datastore emulator ([#1698](googleapis/java-datastore#1698)) ([50f106d](googleapis/java-datastore@50f106d)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 ([#1725](googleapis/java-datastore#1725)) ([1cbaf22](googleapis/java-datastore@1cbaf22)) </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.46.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.46.0): 1.46.0 ##### Breaking Changes > \[!WARNING] > jnr-unixsocket is now an external dependency of dd-trace-ot and must be included when deploying dd-trace-ot. > \[!NOTE] > The API `TracerScope.setAsync(boolean)`, used to manually control asynchronous span propagation, does no more apply to the scope instance but to the active span scope. ##### Components ##### Application Security Management (IAST) - 🐛 Fix String.replace instrumentation for IAST ([#8281](DataDog/dd-trace-java#8281) - [@Mariovido](https://github.com/Mariovido)) - ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996)) - 🐛 Exclude false positive weak randomness ([#8232](DataDog/dd-trace-java#8232) - [@jandro996](https://github.com/jandro996)) - ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog)) - ✨ Add security control metrics ([#8175](DataDog/dd-trace-java#8175) - [@jandro996](https://github.com/jandro996)) - ✨ Increase IAST propagation to StringBuffer setLength ([#8128](DataDog/dd-trace-java#8128) - [@Mariovido](https://github.com/Mariovido)) - ✨ Add IAST taint tracking for DB values ([#8072](DataDog/dd-trace-java#8072) - [@Mariovido](https://github.com/Mariovido)) ##### Application Security Management (WAF) - 🐛 Prevents a NPE when there is no subscriber for user events ([#8258](DataDog/dd-trace-java#8258) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996)) - 🐛 Ensure cached subscriptions are cleared on reconfiguration via RC ([#8229](DataDog/dd-trace-java#8229) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Create span tag: \_dd.appsec.rasp.timeout ([#8269](DataDog/dd-trace-java#8269) - [@Mariovido](https://github.com/Mariovido)) ##### Build & Tooling - 🐛 Ensure shaded helpers have unique names when injected into class-loaders ([#8192](DataDog/dd-trace-java#8192) - [@mcculls](https://github.com/mcculls)) ##### Configuration at Runtime - 🐛 Remove filtering of `DD_SERVICE` and `DD_ENV` from the tracer ([#8176](DataDog/dd-trace-java#8176) - [@mhlidd](https://github.com/mhlidd)) ##### Continuous Integration Visibility - 🧹 Generalize TestRetryPolicy to TestExecutionPolicy ([#8302](DataDog/dd-trace-java#8302) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Parallelize CI Visibility settings requests ([#8299](DataDog/dd-trace-java#8299) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Generalize test retry logic ([#8289](DataDog/dd-trace-java#8289) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Generalize tests skipping logic ([#8288](DataDog/dd-trace-java#8288) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Remove skip and shouldBeSkipped methods from TestEventsHandler in favor of isSkippable ([#8286](DataDog/dd-trace-java#8286) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨⚡ Optimize Git repository information computation ([#8270](DataDog/dd-trace-java#8270) - [@dougqh](https://github.com/dougqh)) - ✨ Always request known tests from the backend ([#8268](DataDog/dd-trace-java#8268) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Fix NPE when trying to get retry analyzer in Test NG ([#8253](DataDog/dd-trace-java#8253) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Set test framework and test framework version tags atomically ([#8252](DataDog/dd-trace-java#8252) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add debug logging to Android Gradle module layout logic ([#8251](DataDog/dd-trace-java#8251) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Fix source and destination folders computation for Android Gradle projects ([#8190](DataDog/dd-trace-java#8190) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add basic Scala Weaver sbt support ([#8189](DataDog/dd-trace-java#8189) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement impacted tests detection ([#8188](DataDog/dd-trace-java#8188) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) ##### Data Streams Monitoring - ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr)) ##### Database Monitoring - Add peer service tag in dbm sql commenter ([#7913](DataDog/dd-trace-java#7913) - [@jordan-wong](https://github.com/jordan-wong)) ##### Dynamic Instrumentation - ✨ Add support for SymDB to scan directories ([#8306](DataDog/dd-trace-java#8306) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add SymDB report for any jar scanning failures ([#8300](DataDog/dd-trace-java#8300) - [@jpbempel](https://github.com/jpbempel)) - ✨ Use two budgets depending on type ([#8283](DataDog/dd-trace-java#8283) - [@evanchooly](https://github.com/evanchooly)) - ✨ Institute a 10 snapshot per probe per trace budget ([#8277](DataDog/dd-trace-java#8277) - [@evanchooly](https://github.com/evanchooly)) - 🐛 Avoid double snapshots for Exception Replay ([#8273](DataDog/dd-trace-java#8273) - [@jpbempel](https://github.com/jpbempel)) - ✨ Simplify code origins. Separate out snapshot generation. ([#8263](DataDog/dd-trace-java#8263) - [@evanchooly](https://github.com/evanchooly)) - ✨ Add Exception probe custom instrumentation ([#8230](DataDog/dd-trace-java#8230) - [@jpbempel](https://github.com/jpbempel)) - ✨ Enhance log probes to honor debug session tags ([#8215](DataDog/dd-trace-java#8215) - [@evanchooly](https://github.com/evanchooly)) - 🐛 Don't redact env tokens from debugger probe snapshots ([#8211](DataDog/dd-trace-java#8211) - [@watson](https://github.com/watson)) - ✨⚡ Move Trace/SpanId capture at commit time ([#8184](DataDog/dd-trace-java#8184) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Capture values at entry for method probe ([#8169](DataDog/dd-trace-java#8169) - [@jpbempel](https://github.com/jpbempel)) ##### JMX fetch - 🐛 Mute JMXFetch Shutdown in progress error ([#8068](DataDog/dd-trace-java#8068) - [@ygree](https://github.com/ygree)) ##### OpenTracing - ⚠️🧹 Make jnr-unixsocket an explicit dependency of dd-trace-ot ([#8307](DataDog/dd-trace-java#8307) - [@mcculls](https://github.com/mcculls)) ##### Profiling - 🐛 Avoid unsupported API call for creating folders on windows ([#8304](DataDog/dd-trace-java#8304) - [@jbachorik](https://github.com/jbachorik)) - ✨ Tag profiles for serverless ([#8279](DataDog/dd-trace-java#8279) - [@jbachorik](https://github.com/jbachorik)) - ✨ add queue type and length to queue events ([#8242](DataDog/dd-trace-java#8242) - [@richardstartin](https://github.com/richardstartin)) - 🐛 TempLocationManager Fixes and Improvements ([#8191](DataDog/dd-trace-java#8191) - [@jbachorik](https://github.com/jbachorik)) - ✨ Bump ddprof to 1.18.0 ([#8173](DataDog/dd-trace-java#8173) - [@jbachorik](https://github.com/jbachorik)) - ✨ Report profiler initialization and configuration errors to telemetry ([#8171](DataDog/dd-trace-java#8171) - [@jbachorik](https://github.com/jbachorik)) ##### Telemetry - ✨ Add pending traces report in tracer flares ([#8053](DataDog/dd-trace-java#8053) - [@mhlidd](https://github.com/mhlidd)) ##### Testing - ✨ Test http server requests in parallel ([#8222](DataDog/dd-trace-java#8222) - [@amarziali](https://github.com/amarziali)) ##### Trace context propagation - ✨ Add non default propagator registration ([#8310](DataDog/dd-trace-java#8310) - [@PerfectSlayer](https://github.com/PerfectSlayer)) ##### Tracer core - ✨ Probe for existence of IBMSASL or ACCP security providers ([#8276](DataDog/dd-trace-java#8276) - [@mcculls](https://github.com/mcculls)) - ✨⚡ Overhead improvement to agent feedback based sampling ([#8265](DataDog/dd-trace-java#8265) - [@dougqh](https://github.com/dougqh)) - 🧹 Move async propagation API from scope to tracer ([#8231](DataDog/dd-trace-java#8231) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Introduce context propagation API ([#8161](DataDog/dd-trace-java#8161) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨🧪 Use env-entry to add tags per webapp deployment ([#8138](DataDog/dd-trace-java#8138) - [@amarziali](https://github.com/amarziali)) - ✨ Introduce context helpers API ([#8134](DataDog/dd-trace-java#8134) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Support IPv6 values for `DD_AGENT_HOST` and `DD_TRACE_AGENT_URL` ([#7984](DataDog/dd-trace-java#7984) - [@mhlidd](https://github.com/mhlidd)) ##### Instrumentations ##### Apache HttpComponents - 🐛 Properly finish spans and support latest apache httpclient5 ([#8272](DataDog/dd-trace-java#8272) - [@amarziali](https://github.com/amarziali)) ##### AWS Lambda instrumentation - 🐛 Properly capture lambda payloads for all handler types. ([#8264](DataDog/dd-trace-java#8264) - [@purple4reina](https://github.com/purple4reina)) ##### AWS S3 instrumentation - 💡 Create S3 instrumentation + add span pointers ([#8075](DataDog/dd-trace-java#8075) - [@nhulston](https://github.com/nhulston)) ##### AWS SDK instrumentation - 🐛 Revert "Add avoid double instrumenting lambda non-streaming handlers." ([#8247](DataDog/dd-trace-java#8247) - [@nhulston](https://github.com/nhulston)) ##### Cassandra - ✨ Allow extracting keyspace from statement result ([#8239](DataDog/dd-trace-java#8239) - [@amarziali](https://github.com/amarziali)) ##### Core Java language instrumentation - ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog)) ##### Eclipse Vert.x instrumentation - 🐛 Fix vertx worker propagation and error handling ([#8237](DataDog/dd-trace-java#8237) - [@amarziali](https://github.com/amarziali)) - ✨ Support vertx 5 ([#8220](DataDog/dd-trace-java#8220) - [@amarziali](https://github.com/amarziali)) - ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) ##### Kafka instrumentation - 🐛 Prevent possible NPE calculating Kafka record header size ([#8292](DataDog/dd-trace-java#8292) - [@ygree](https://github.com/ygree)) ##### Mule instrumentation - 🐛 Fix crash using Mule with JPMS ([#8187](DataDog/dd-trace-java#8187) - [@amarziali](https://github.com/amarziali)) ##### Protocol Buffer instrumentation - ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr)) ##### Spring instrumentation - 🐛 Preserve getQualifier from spring scheduling runnables ([#8293](DataDog/dd-trace-java#8293) - [@amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: bb09d47e4eed77a003f630273b4d0a84003eb899

Ensure cached subscriptions are cleared on reconfiguration via RC

d0e0c56

manuel-alvarez-alvarez added type: bug Bug report and fix comp: asm waf Application Security Management (WAF) labels Jan 16, 2025

manuel-alvarez-alvarez requested a review from a team as a code owner January 16, 2025 12:57

manuel-alvarez-alvarez requested review from ValentinZakharov, jandro996, sezen-datadog and smola January 16, 2025 12:57

smola reviewed Jan 16, 2025

View reviewed changes

dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java Outdated Show resolved Hide resolved

Avoid race conditions

47af939

manuel-alvarez-alvarez requested a review from smola January 16, 2025 14:03

Mariovido approved these changes Jan 16, 2025

View reviewed changes

smola approved these changes Jan 17, 2025

View reviewed changes

manuel-alvarez-alvarez added type: bug Bug report and fix and removed type: bug Bug report and fix labels Jan 17, 2025

manuel-alvarez-alvarez merged commit aa815e4 into master Jan 17, 2025
173 of 174 checks passed

manuel-alvarez-alvarez deleted the malvarez/waf-fix-cached-subscriptions branch January 17, 2025 12:36

github-actions bot added this to the 1.46.0 milestone Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Ensure cached subscriptions are cleared on reconfiguration via RC #8229

Ensure cached subscriptions are cleared on reconfiguration via RC #8229

Uh oh!

manuel-alvarez-alvarez commented Jan 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

pr-commenter bot commented Jan 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Ensure cached subscriptions are cleared on reconfiguration via RC #8229

Ensure cached subscriptions are cleared on reconfiguration via RC #8229

Uh oh!

Conversation

manuel-alvarez-alvarez commented Jan 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What Does This Do

Motivation

Additional Notes

Contributor Checklist

Uh oh!

Uh oh!

pr-commenter bot commented Jan 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

manuel-alvarez-alvarez commented Jan 16, 2025 •

edited

Loading

pr-commenter bot commented Jan 16, 2025 •

edited

Loading