Exclude IBM Instana from IAST #8406

Merged
merged 3 commits into from
Feb 18, 2025

@smola smola commented Feb 17, 2025

What Does This Do

Exclude IBM Instana from IAST instrumentation. This avoids false positives on weak randomness, and hopefully also avoids performance or compatibility issues.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-56799

@smola smola added type: enhancement comp: asm iast Application Security Management (IAST) labels Feb 17, 2025
@smola smola requested a review from a team as a code owner February 17, 2025 18:28
pr-commenter bot commented Feb 17, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | smola/exclude-instana |
| git_commit_date | 1739875872 | 1739876008 |
| git_commit_sha | ebdbdd4 | a19d623 |
| release_version | 1.47.0-SNAPSHOT~ebdbdd43a2 | 1.47.0-SNAPSHOT~a19d6232dd |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1739878595 | 1739878595 |
| ci_job_id | 811671877 | 811671877 |
| ci_pipeline_id | 56135354 | 56135354 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-tkvbt1j7-project-304-concurrent-1-zf5ic4i5 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-tkvbt1j7-project-304-concurrent-1-zf5ic4i5 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.

Startup time reports for insecure-bank

```mermaid
gantt
    title insecure-bank - global startup overhead: candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.044 s) : 0, 1044237
Total [baseline] (8.652 s) : 0, 8652354
Agent [candidate] (1.039 s) : 0, 1038966
Total [candidate] (8.628 s) : 0, 8628478
section iast
Agent [baseline] (1.188 s) : 0, 1188260
Total [baseline] (9.286 s) : 0, 9285721
Agent [candidate] (1.177 s) : 0, 1177136
Total [candidate] (9.268 s) : 0, 9267919
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.169 s) : 0, 1168841
Total [baseline] (9.188 s) : 0, 9188073
Agent [candidate] (1.176 s) : 0, 1176056
Total [candidate] (9.189 s) : 0, 9188618
section iast_TELEMETRY_OFF
Agent [baseline] (1.181 s) : 0, 1181067
Total [baseline] (9.259 s) : 0, 9259172
Agent [candidate] (1.167 s) : 0, 1166534
Total [candidate] (9.259 s) : 0, 9259322
```

  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.044 s | - |
| Agent | iast | 1.188 s | 144.023 ms (13.8%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.169 s | 124.604 ms (11.9%) |
| Agent | iast_TELEMETRY_OFF | 1.181 s | 136.829 ms (13.1%) |
| Total | tracing | 8.652 s | - |
| Total | iast | 9.286 s | 633.367 ms (7.3%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.188 s | 535.719 ms (6.2%) |
| Total | iast_TELEMETRY_OFF | 9.259 s | 606.818 ms (7.0%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.039 s | - |
| Agent | iast | 1.177 s | 138.17 ms (13.3%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.176 s | 137.09 ms (13.2%) |
| Agent | iast_TELEMETRY_OFF | 1.167 s | 127.568 ms (12.3%) |
| Total | tracing | 8.628 s | - |
| Total | iast | 9.268 s | 639.441 ms (7.4%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.189 s | 560.14 ms (6.5%) |
| Total | iast_TELEMETRY_OFF | 9.259 s | 630.844 ms (7.3%) |

```mermaid
gantt
    title insecure-bank - break down per module: candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (719.086 ms) : 0, 719086
BytebuddyAgent [candidate] (715.837 ms) : 0, 715837
GlobalTracer [baseline] (240.312 ms) : 0, 240312
GlobalTracer [candidate] (239.146 ms) : 0, 239146
AppSec [baseline] (55.398 ms) : 0, 55398
AppSec [candidate] (55.286 ms) : 0, 55286
Remote Config [baseline] (690.691 µs) : 0, 691
Remote Config [candidate] (704.456 µs) : 0, 704
Telemetry [baseline] (13.446 ms) : 0, 13446
Telemetry [candidate] (12.849 ms) : 0, 12849
section iast
BytebuddyAgent [baseline] (848.997 ms) : 0, 848997
BytebuddyAgent [candidate] (840.762 ms) : 0, 840762
GlobalTracer [baseline] (233.17 ms) : 0, 233170
GlobalTracer [candidate] (231.435 ms) : 0, 231435
IAST [baseline] (23.367 ms) : 0, 23367
IAST [candidate] (22.87 ms) : 0, 22870
AppSec [baseline] (57.698 ms) : 0, 57698
AppSec [candidate] (57.3 ms) : 0, 57300
Remote Config [baseline] (618.573 µs) : 0, 619
Remote Config [candidate] (597.597 µs) : 0, 598
Telemetry [baseline] (8.875 ms) : 0, 8875
Telemetry [candidate] (8.684 ms) : 0, 8684
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (834.337 ms) : 0, 834337
BytebuddyAgent [candidate] (838.882 ms) : 0, 838882
GlobalTracer [baseline] (230.082 ms) : 0, 230082
GlobalTracer [candidate] (231.755 ms) : 0, 231755
IAST [baseline] (22.769 ms) : 0, 22769
IAST [candidate] (23.09 ms) : 0, 23090
AppSec [baseline] (57.126 ms) : 0, 57126
AppSec [candidate] (57.521 ms) : 0, 57521
Remote Config [baseline] (605.763 µs) : 0, 606
Remote Config [candidate] (604.036 µs) : 0, 604
Telemetry [baseline] (8.666 ms) : 0, 8666
Telemetry [candidate] (8.81 ms) : 0, 8810
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (843.29 ms) : 0, 843290
BytebuddyAgent [candidate] (832.888 ms) : 0, 832888
GlobalTracer [baseline] (232.495 ms) : 0, 232495
GlobalTracer [candidate] (230.309 ms) : 0, 230309
IAST [baseline] (26.452 ms) : 0, 26452
IAST [candidate] (24.37 ms) : 0, 24370
AppSec [baseline] (53.901 ms) : 0, 53901
AppSec [candidate] (54.589 ms) : 0, 54589
Remote Config [baseline] (653.391 µs) : 0, 653
Remote Config [candidate] (613.295 µs) : 0, 613
Telemetry [baseline] (8.826 ms) : 0, 8826
Telemetry [candidate] (8.484 ms) : 0, 8484
```

Startup time reports for petclinic

```mermaid
gantt
    title petclinic - global startup overhead: candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.04 s) : 0, 1039779
Total [baseline] (10.494 s) : 0, 10493955
Agent [candidate] (1.052 s) : 0, 1051505
Total [candidate] (10.469 s) : 0, 10468693
section appsec
Agent [baseline] (1.19 s) : 0, 1189724
Total [baseline] (10.759 s) : 0, 10759066
Agent [candidate] (1.182 s) : 0, 1181596
Total [candidate] (10.753 s) : 0, 10753073
section iast
Agent [baseline] (1.176 s) : 0, 1175510
Total [baseline] (11.035 s) : 0, 11034665
Agent [candidate] (1.169 s) : 0, 1168652
Total [candidate] (10.938 s) : 0, 10937895
section profiling
Agent [baseline] (1.262 s) : 0, 1261838
Total [baseline] (10.846 s) : 0, 10846433
Agent [candidate] (1.259 s) : 0, 1259041
Total [candidate] (10.92 s) : 0, 10920200
```

  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.04 s | - |
| Agent | appsec | 1.19 s | 149.945 ms (14.4%) |
| Agent | iast | 1.176 s | 135.731 ms (13.1%) |
| Agent | profiling | 1.262 s | 222.058 ms (21.4%) |
| Total | tracing | 10.494 s | - |
| Total | appsec | 10.759 s | 265.11 ms (2.5%) |
| Total | iast | 11.035 s | 540.71 ms (5.2%) |
| Total | profiling | 10.846 s | 352.478 ms (3.4%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.052 s | - |
| Agent | appsec | 1.182 s | 130.091 ms (12.4%) |
| Agent | iast | 1.169 s | 117.148 ms (11.1%) |
| Agent | profiling | 1.259 s | 207.536 ms (19.7%) |
| Total | tracing | 10.469 s | - |
| Total | appsec | 10.753 s | 284.381 ms (2.7%) |
| Total | iast | 10.938 s | 469.203 ms (4.5%) |
| Total | profiling | 10.92 s | 451.507 ms (4.3%) |

```mermaid
gantt
    title petclinic - break down per module: candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (716.631 ms) : 0, 716631
BytebuddyAgent [candidate] (726.514 ms) : 0, 726514
GlobalTracer [baseline] (239.305 ms) : 0, 239305
GlobalTracer [candidate] (240.98 ms) : 0, 240980
AppSec [baseline] (55.116 ms) : 0, 55116
AppSec [candidate] (55.72 ms) : 0, 55720
Remote Config [baseline] (696.902 µs) : 0, 697
Remote Config [candidate] (698.376 µs) : 0, 698
Telemetry [baseline] (12.811 ms) : 0, 12811
Telemetry [candidate] (12.203 ms) : 0, 12203
section appsec
BytebuddyAgent [baseline] (739.338 ms) : 0, 739338
BytebuddyAgent [candidate] (733.868 ms) : 0, 733868
GlobalTracer [baseline] (237.992 ms) : 0, 237992
GlobalTracer [candidate] (236.324 ms) : 0, 236324
IAST [baseline] (21.623 ms) : 0, 21623
IAST [candidate] (21.281 ms) : 0, 21281
AppSec [baseline] (177.29 ms) : 0, 177290
AppSec [candidate] (176.618 ms) : 0, 176618
Remote Config [baseline] (674.751 µs) : 0, 675
Remote Config [candidate] (662.697 µs) : 0, 663
Telemetry [baseline] (8.315 ms) : 0, 8315
Telemetry [candidate] (8.242 ms) : 0, 8242
section iast
BytebuddyAgent [baseline] (840.757 ms) : 0, 840757
BytebuddyAgent [candidate] (833.858 ms) : 0, 833858
GlobalTracer [baseline] (230.573 ms) : 0, 230573
GlobalTracer [candidate] (230.169 ms) : 0, 230169
IAST [baseline] (22.848 ms) : 0, 22848
IAST [candidate] (22.808 ms) : 0, 22808
AppSec [baseline] (56.737 ms) : 0, 56737
AppSec [candidate] (57.205 ms) : 0, 57205
Remote Config [baseline] (602.806 µs) : 0, 603
Remote Config [candidate] (606.157 µs) : 0, 606
Telemetry [baseline] (8.684 ms) : 0, 8684
Telemetry [candidate] (8.699 ms) : 0, 8699
section profiling
BytebuddyAgent [baseline] (708.003 ms) : 0, 708003
BytebuddyAgent [candidate] (707.383 ms) : 0, 707383
GlobalTracer [baseline] (349.915 ms) : 0, 349915
GlobalTracer [candidate] (350.072 ms) : 0, 350072
AppSec [baseline] (55.576 ms) : 0, 55576
AppSec [candidate] (54.385 ms) : 0, 54385
Remote Config [baseline] (663.409 µs) : 0, 663
Remote Config [candidate] (663.173 µs) : 0, 663
Telemetry [baseline] (8.882 ms) : 0, 8882
Telemetry [candidate] (8.815 ms) : 0, 8815
ProfilingAgent [baseline] (96.412 ms) : 0, 96412
ProfilingAgent [candidate] (95.466 ms) : 0, 95466
Profiling [baseline] (96.437 ms) : 0, 96437
Profiling [candidate] (95.491 ms) : 0, 95491
```

Load

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2025-02-18T11:06:29 | 2025-02-18T11:13:34 |
| git_branch | master | smola/exclude-instana |
| git_commit_date | 1739875872 | 1739876008 |
| git_commit_sha | ebdbdd4 | a19d623 |
| release_version | 1.47.0-SNAPSHOT~ebdbdd43a2 | 1.47.0-SNAPSHOT~a19d6232dd |
| start_time | 2025-02-18T11:06:15 | 2025-02-18T11:13:20 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1739877573 | 1739877573 |
| ci_job_id | 811671878 | 811671878 |
| ci_pipeline_id | 56135354 | 56135354 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-tkvbt1j7-project-304-concurrent-2-0s9ptdfo 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-tkvbt1j7-project-304-concurrent-2-0s9ptdfo 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic

```mermaid
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.351 ms) : 1331, 1370
.   : milestone, 1351,
appsec (1.755 ms) : 1731, 1778
.   : milestone, 1755,
appsec_no_iast (1.751 ms) : 1725, 1777
.   : milestone, 1751,
iast (1.518 ms) : 1493, 1543
.   : milestone, 1518,
profiling (1.5 ms) : 1477, 1524
.   : milestone, 1500,
tracing (1.486 ms) : 1461, 1511
.   : milestone, 1486,
section candidate
no_agent (1.368 ms) : 1348, 1387
.   : milestone, 1368,
appsec (1.749 ms) : 1726, 1772
.   : milestone, 1749,
appsec_no_iast (1.751 ms) : 1726, 1776
.   : milestone, 1751,
iast (1.512 ms) : 1488, 1536
.   : milestone, 1512,
profiling (1.515 ms) : 1492, 1539
.   : milestone, 1515,
tracing (1.51 ms) : 1485, 1534
.   : milestone, 1510,
```

  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.351 ms [1.331 ms, 1.37 ms] | - |
| appsec | 1.755 ms [1.731 ms, 1.778 ms] | 403.741 µs (29.9%) |
| appsec_no_iast | 1.751 ms [1.725 ms, 1.777 ms] | 400.072 µs (29.6%) |
| iast | 1.518 ms [1.493 ms, 1.543 ms] | 166.995 µs (12.4%) |
| profiling | 1.5 ms [1.477 ms, 1.524 ms] | 149.611 µs (11.1%) |
| tracing | 1.486 ms [1.461 ms, 1.511 ms] | 135.219 µs (10.0%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.368 ms [1.348 ms, 1.387 ms] | - |
| appsec | 1.749 ms [1.726 ms, 1.772 ms] | 381.552 µs (27.9%) |
| appsec_no_iast | 1.751 ms [1.726 ms, 1.776 ms] | 383.889 µs (28.1%) |
| iast | 1.512 ms [1.488 ms, 1.536 ms] | 144.555 µs (10.6%) |
| profiling | 1.515 ms [1.492 ms, 1.539 ms] | 147.878 µs (10.8%) |
| tracing | 1.51 ms [1.485 ms, 1.534 ms] | 142.125 µs (10.4%) |

Request duration reports for insecure-bank

```mermaid
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (386.929 µs) : 367, 407
.   : milestone, 387,
iast (512.43 µs) : 491, 534
.   : milestone, 512,
iast_FULL (752.058 µs) : 730, 774
.   : milestone, 752,
iast_GLOBAL (552.936 µs) : 532, 574
.   : milestone, 553,
iast_HARDCODED_SECRET_DISABLED (509.023 µs) : 486, 532
.   : milestone, 509,
iast_INACTIVE (460.507 µs) : 439, 482
.   : milestone, 461,
iast_TELEMETRY_OFF (503.836 µs) : 481, 527
.   : milestone, 504,
tracing (452.779 µs) : 431, 474
.   : milestone, 453,
section candidate
no_agent (381.215 µs) : 361, 402
.   : milestone, 381,
iast (509.7 µs) : 488, 531
.   : milestone, 510,
iast_FULL (749.943 µs) : 728, 772
.   : milestone, 750,
iast_GLOBAL (558.252 µs) : 537, 580
.   : milestone, 558,
iast_HARDCODED_SECRET_DISABLED (512.835 µs) : 490, 535
.   : milestone, 513,
iast_INACTIVE (459.047 µs) : 438, 480
.   : milestone, 459,
iast_TELEMETRY_OFF (497.442 µs) : 475, 519
.   : milestone, 497,
tracing (459.314 µs) : 438, 481
.   : milestone, 459,
```

  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 386.929 µs [366.727 µs, 407.131 µs] | - |
| iast | 512.43 µs [490.749 µs, 534.111 µs] | 125.501 µs (32.4%) |
| iast_FULL | 752.058 µs [730.152 µs, 773.963 µs] | 365.128 µs (94.4%) |
| iast_GLOBAL | 552.936 µs [531.515 µs, 574.358 µs] | 166.007 µs (42.9%) |
| iast_HARDCODED_SECRET_DISABLED | 509.023 µs [486.176 µs, 531.87 µs] | 122.094 µs (31.6%) |
| iast_INACTIVE | 460.507 µs [439.256 µs, 481.757 µs] | 73.578 µs (19.0%) |
| iast_TELEMETRY_OFF | 503.836 µs [480.556 µs, 527.117 µs] | 116.907 µs (30.2%) |
| tracing | 452.779 µs [431.474 µs, 474.084 µs] | 65.85 µs (17.0%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 381.215 µs [360.75 µs, 401.68 µs] | - |
| iast | 509.7 µs [488.271 µs, 531.129 µs] | 128.485 µs (33.7%) |
| iast_FULL | 749.943 µs [727.974 µs, 771.912 µs] | 368.728 µs (96.7%) |
| iast_GLOBAL | 558.252 µs [536.542 µs, 579.962 µs] | 177.037 µs (46.4%) |
| iast_HARDCODED_SECRET_DISABLED | 512.835 µs [490.374 µs, 535.295 µs] | 131.619 µs (34.5%) |
| iast_INACTIVE | 459.047 µs [437.934 µs, 480.161 µs] | 77.832 µs (20.4%) |
| iast_TELEMETRY_OFF | 497.442 µs [475.411 µs, 519.472 µs] | 116.226 µs (30.5%) |
| tracing | 459.314 µs [437.736 µs, 480.892 µs] | 78.099 µs (20.5%) |

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | smola/exclude-instana |
| git_commit_date | 1739875872 | 1739876008 |
| git_commit_sha | ebdbdd4 | a19d623 |
| release_version | 1.47.0-SNAPSHOT~ebdbdd43a2 | 1.47.0-SNAPSHOT~a19d6232dd |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1739877786 | 1739877786 |
| ci_job_id | 811671879 | 811671879 |
| ci_pipeline_id | 56135354 | 56135354 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-jya8sx-a-project-304-concurrent-0-vhbi4bf6 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-jya8sx-a-project-304-concurrent-0-vhbi4bf6 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

```mermaid
gantt
    title biojava - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.896 s) : 14896000, 14896000
.   : milestone, 14896000,
appsec (15.192 s) : 15192000, 15192000
.   : milestone, 15192000,
iast (18.657 s) : 18657000, 18657000
.   : milestone, 18657000,
iast_GLOBAL (18.047 s) : 18047000, 18047000
.   : milestone, 18047000,
profiling (15.079 s) : 15079000, 15079000
.   : milestone, 15079000,
tracing (15.132 s) : 15132000, 15132000
.   : milestone, 15132000,
section candidate
no_agent (15.633 s) : 15633000, 15633000
.   : milestone, 15633000,
appsec (15.259 s) : 15259000, 15259000
.   : milestone, 15259000,
iast (18.842 s) : 18842000, 18842000
.   : milestone, 18842000,
iast_GLOBAL (17.736 s) : 17736000, 17736000
.   : milestone, 17736000,
profiling (15.572 s) : 15572000, 15572000
.   : milestone, 15572000,
tracing (14.823 s) : 14823000, 14823000
.   : milestone, 14823000,
```

  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.896 s [14.896 s, 14.896 s] | - |
| appsec | 15.192 s [15.192 s, 15.192 s] | 296.0 ms (2.0%) |
| iast | 18.657 s [18.657 s, 18.657 s] | 3.761 s (25.2%) |
| iast_GLOBAL | 18.047 s [18.047 s, 18.047 s] | 3.151 s (21.2%) |
| profiling | 15.079 s [15.079 s, 15.079 s] | 183.0 ms (1.2%) |
| tracing | 15.132 s [15.132 s, 15.132 s] | 236.0 ms (1.6%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.633 s [15.633 s, 15.633 s] | - |
| appsec | 15.259 s [15.259 s, 15.259 s] | -374.0 ms (-2.4%) |
| iast | 18.842 s [18.842 s, 18.842 s] | 3.209 s (20.5%) |
| iast_GLOBAL | 17.736 s [17.736 s, 17.736 s] | 2.103 s (13.5%) |
| profiling | 15.572 s [15.572 s, 15.572 s] | -61.0 ms (-0.4%) |
| tracing | 14.823 s [14.823 s, 14.823 s] | -810.0 ms (-5.2%) |

Execution time for tomcat

```mermaid
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~a19d6232dd, baseline=1.47.0-SNAPSHOT~ebdbdd43a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1463, 1486
.   : milestone, 1475,
appsec (2.384 ms) : 2339, 2428
.   : milestone, 2384,
iast (2.141 ms) : 2084, 2197
.   : milestone, 2141,
iast_GLOBAL (2.179 ms) : 2122, 2236
.   : milestone, 2179,
profiling (1.977 ms) : 1933, 2021
.   : milestone, 1977,
tracing (1.963 ms) : 1919, 2006
.   : milestone, 1963,
section candidate
no_agent (1.477 ms) : 1465, 1488
.   : milestone, 1477,
appsec (2.386 ms) : 2342, 2430
.   : milestone, 2386,
iast (2.13 ms) : 2073, 2186
.   : milestone, 2130,
iast_GLOBAL (2.171 ms) : 2114, 2227
.   : milestone, 2171,
profiling (1.977 ms) : 1932, 2021
.   : milestone, 1977,
tracing (1.98 ms) : 1937, 2024
.   : milestone, 1980,
```

  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.475 ms [1.463 ms, 1.486 ms] | - |
| appsec | 2.384 ms [2.339 ms, 2.428 ms] | 908.704 µs (61.6%) |
| iast | 2.141 ms [2.084 ms, 2.197 ms] | 665.65 µs (45.1%) |
| iast_GLOBAL | 2.179 ms [2.122 ms, 2.236 ms] | 704.135 µs (47.7%) |
| profiling | 1.977 ms [1.933 ms, 2.021 ms] | 502.224 µs (34.1%) |
| tracing | 1.963 ms [1.919 ms, 2.006 ms] | 487.613 µs (33.1%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.477 ms [1.465 ms, 1.488 ms] | - |
| appsec | 2.386 ms [2.342 ms, 2.43 ms] | 909.439 µs (61.6%) |
| iast | 2.13 ms [2.073 ms, 2.186 ms] | 653.124 µs (44.2%) |
| iast_GLOBAL | 2.171 ms [2.114 ms, 2.227 ms] | 693.824 µs (47.0%) |
| profiling | 1.977 ms [1.932 ms, 2.021 ms] | 500.2 µs (33.9%) |
| tracing | 1.98 ms [1.937 ms, 2.024 ms] | 503.58 µs (34.1%) |

@smola smola enabled auto-merge (squash) February 18, 2025 10:53
@smola smola merged commit a8709ee into master Feb 18, 2025
200 of 201 checks passed
@smola smola deleted the smola/exclude-instana branch February 18, 2025 17:21
@github-actions github-actions bot added this to the 1.47.0 milestone Feb 18, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Mar 6, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.46.1` -> `1.47.0` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.46.1` -> `1.47.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.33` -> `2.30.34` |

---

### Release Notes

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.47.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.47.0): 1.47.0

##### Components

##### Application Security Management (IAST)

- 🐛 Exclude com.stripe.net.HttpURLConnectionClient to solve IAST SSRF vulnerability false positives ([#8483](DataDog/dd-trace-java#8483) - [@jandro996](https://github.com/jandro996))
- 🐛 Add exclusion to solve IAST weak randomness vulnerability false positives ([#8462](DataDog/dd-trace-java#8462) - [@jandro996](https://github.com/jandro996))
- ✨ Fix weak randomness false positive in Kafka client ([#8408](DataDog/dd-trace-java#8408) - [@smola](https://github.com/smola))
- ✨ Fix location for SSRF with Kong Unirest ([#8407](DataDog/dd-trace-java#8407) - [@smola](https://github.com/smola))
- ✨ Exclude IBM Instana from IAST ([#8406](DataDog/dd-trace-java#8406) - [@smola](https://github.com/smola))
- 🐛 Fix org.json iast instrumentation test for latest dependency ([#8347](DataDog/dd-trace-java#8347) - [@jandro996](https://github.com/jandro996))
- ✨ Configuration to Disable APM Tracing ([#8219](DataDog/dd-trace-java#8219) - [@jandro996](https://github.com/jandro996))
- ✨ Address cookie vulnerability cardinality issues ([#8210](DataDog/dd-trace-java#8210) - [@jandro996](https://github.com/jandro996))
- ✨ Email HTML Injection detection in IAST ([#8205](DataDog/dd-trace-java#8205) - [@sezen-datadog](https://github.com/sezen-datadog))

##### Application Security Management (WAF)

- 🐛✨ Ensure usr.exists tag is not overridden when UsernameNotFoundException is thrown ([#8376](DataDog/dd-trace-java#8376) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛✨ Ensure usr.exists tag is not overridden by auto instrumentation ([#8374](DataDog/dd-trace-java#8374) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Update appsec metrics with event_rules_version tag ([#8354](DataDog/dd-trace-java#8354) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Update metrics: appsec.waf.requests ([#8353](DataDog/dd-trace-java#8353) - [@Mariovido](https://github.com/Mariovido))
- ✨ Improve ASM support in vert.x 5.0 ([#8285](DataDog/dd-trace-java#8285) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Update metrics: appsec.waf.updates and appsec.waf.init ([#8280](DataDog/dd-trace-java#8280) - [@Mariovido](https://github.com/Mariovido))
- ✨ Configuration to Disable APM Tracing ([#8219](DataDog/dd-trace-java#8219) - [@jandro996](https://github.com/jandro996))

##### Build & Tooling

- 🐛 Do not generate Muzzle references for primitive arrays in method body ([#8361](DataDog/dd-trace-java#8361) - [@amarziali](https://github.com/amarziali))
- 📖 Improve dev env setup documentation for Windows ([#8180](DataDog/dd-trace-java#8180) - [@lucaspimentel](https://github.com/lucaspimentel))

##### Continuous Integration Visibility

- ✨ Add support for skip-EFD tagging ([#8487](DataDog/dd-trace-java#8487) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix an NPE in Gradle Android instrumentation ([#8484](DataDog/dd-trace-java#8484) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Consider modified tests when applying fail-fast tests ordering ([#8474](DataDog/dd-trace-java#8474) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement tests reordering for TestNG ([#8467](DataDog/dd-trace-java#8467) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix Gradle Launcher instrumentation to not interfere with Gradle Test Kit ([#8465](DataDog/dd-trace-java#8465) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Use separate TestEventHandlers per framework in CI Vis instrumentations ([#8451](DataDog/dd-trace-java#8451) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Remove warning log when JUnit 4 test method cannot be retrieved ([#8445](DataDog/dd-trace-java#8445) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix Scalatest tracing for tests that are reported asynchronously ([#8444](DataDog/dd-trace-java#8444) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement attempt to fix tests ([#8393](DataDog/dd-trace-java#8393) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Implement test disabling ([#8377](DataDog/dd-trace-java#8377) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update CODEOWNERS parser to not log errors on comments with leading whitespace ([#8349](DataDog/dd-trace-java#8349) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Request Test Management tests list ([#8345](DataDog/dd-trace-java#8345) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Receive test management settings from CIVis settings request ([#8331](DataDog/dd-trace-java#8331) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Implement quarantined tests tagging ([#8326](DataDog/dd-trace-java#8326) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement tests quarantining ([#8320](DataDog/dd-trace-java#8320) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add tag to specify if the user is setting DD_SERVICE ([#8318](DataDog/dd-trace-java#8318) - [@daniel-mohedano](https://github.com/daniel-mohedano))

##### Crash tracking

- ✨ Only fork jps when required ([#8419](DataDog/dd-trace-java#8419) - [@mcculls](https://github.com/mcculls))
- 🐛 Use Java home of the crashed process to launch crash uploader ([#8348](DataDog/dd-trace-java#8348) - [@jbachorik](https://github.com/jbachorik))

##### Data Streams Monitoring

- 🐛 Fix error happening when sqs message attributes are readonly ([#8473](DataDog/dd-trace-java#8473) - [@vandonr](https://github.com/vandonr))
- 🐛 Fix bug on proto schema extraction ([#8403](DataDog/dd-trace-java#8403) - [@vandonr](https://github.com/vandonr))
- 🐛 Fix service name overrides in consumers ([#8387](DataDog/dd-trace-java#8387) - [@piochelepiotr](https://github.com/piochelepiotr))

##### Database Monitoring

- ✨ Add DBMTracePreparedStatements to tracer configuration log ([#8508](DataDog/dd-trace-java#8508) - [@cecile75](https://github.com/cecile75))

##### Dynamic Instrumentation

- ✨ Look in another location for grpc service methods ([#8468](DataDog/dd-trace-java#8468) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Fix Exception Replay with Lambda proxy classes ([#8452](DataDog/dd-trace-java#8452) - [@jpbempel](https://github.com/jpbempel))
- ✨ Add code origin support for spring-webmvc ([#8416](DataDog/dd-trace-java#8416) - [@evanchooly](https://github.com/evanchooly))
- ✨ Add support for scanning jar from loaded class ([#8370](DataDog/dd-trace-java#8370) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Disable capture of entry values ([#8369](DataDog/dd-trace-java#8369) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Fix CodeOrigin for `@Trace` annotation ([#8344](DataDog/dd-trace-java#8344) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Fix equals/hashCode for CodeOrigin probe ([#8319](DataDog/dd-trace-java#8319) - [@jpbempel](https://github.com/jpbempel))
- ✨ Add code origin support to kafka message listeners ([#8301](DataDog/dd-trace-java#8301) - [@evanchooly](https://github.com/evanchooly))

##### Metrics

- ✨ Create metric: appsec.waf.error ([#8381](DataDog/dd-trace-java#8381) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Create metric: appsec.rasp.error ([#8364](DataDog/dd-trace-java#8364) - [@sezen-datadog](https://github.com/sezen-datadog))

##### Profiling

- ✨ Bump ddprof library to 1.22.0 ([#8463](DataDog/dd-trace-java#8463) - [@jbachorik](https://github.com/jbachorik))
- IBM J9 8u361 corresponds to OpenJDK 8u362 by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#187
- Fix compatibility with musl libc 1.2.4 by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#189
- Modify version extraction by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#179
- Do not write null values to jvminfo event by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#184
- Productize VMStructs-based stack walker by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#177
- A few minor downport issues by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#180
- Enable ASGCT by default on fairly safe J9 JDK versions by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#181
- 🐛 Exclude OrderedThreadPoolExecutor from queue-time measurements ([#8456](DataDog/dd-trace-java#8456) - [@jbachorik](https://github.com/jbachorik))
- ✨ Record JVM info on JVMs without JFR ([#8431](DataDog/dd-trace-java#8431) - [@jbachorik](https://github.com/jbachorik))
- 🐛 Actually use CleanupTask in TempLocationManager ([#8420](DataDog/dd-trace-java#8420) - [@mcculls](https://github.com/mcculls))
- ✨ Only fork jps when required ([#8419](DataDog/dd-trace-java#8419) - [@mcculls](https://github.com/mcculls))
- 🐛 Adjust JFR checks for J9 ([#8405](DataDog/dd-trace-java#8405) - [@jbachorik](https://github.com/jbachorik))
- 🧹 Disable smap RSS parsing by default ([#8342](DataDog/dd-trace-java#8342) - [@MattAlp](https://github.com/MattAlp))

##### Telemetry

- 🐛 Add support for JBoss jar:file format to DependencyResolver
([#8428](DataDog/dd-trace-java#8428) -
[@jandro996](https://github.com/jandro996))
- ✨ Update metrics: appsec.waf.requests
([#8353](DataDog/dd-trace-java#8353) -
[@Mariovido](https://github.com/Mariovido))

##### Trace context propagation

- ✨ Introduce tracing propagator
([#8313](DataDog/dd-trace-java#8313) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

##### Tracer core

- 🐛 Fix Stable Config telemetry source names
([#8460](DataDog/dd-trace-java#8460) -
[@BaptisteFoy](https://github.com/BaptisteFoy))
- ✨ Probe trace endpoints with a valid payload of empty arrays
([#8414](DataDog/dd-trace-java#8414) -
[@mcculls](https://github.com/mcculls))
- ✨ Add 1 minute fail-safe to JUL/JMX class-loading callback
([#8399](DataDog/dd-trace-java#8399) -
[@mcculls](https://github.com/mcculls))
- ✨ Migrate DSM injection calls to context-first APIs
([#8383](DataDog/dd-trace-java#8383) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- 🧹 Move continuation capture methods from scope to tracer
([#8371](DataDog/dd-trace-java#8371) -
[@mcculls](https://github.com/mcculls))
- ✨ Migrate context extraction calls to context-first APIs
([#8368](DataDog/dd-trace-java#8368) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- 🧹 Migrate context injection calls to context-first APIs
([#8358](DataDog/dd-trace-java#8358) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- 💡 Support reading configurations from files
([#8338](DataDog/dd-trace-java#8338) -
[@mtoffl01](https://github.com/mtoffl01))
- 💡 Implementation of BaggagePropagator and BaggageContext
([#8330](DataDog/dd-trace-java#8330) -
[@mhlidd](https://github.com/mhlidd))
- 🧹 Combine continuation implementations into one which supports
multiple activations
([#8324](DataDog/dd-trace-java#8324) -
[@mcculls](https://github.com/mcculls))
- ✨ Introduce tracing propagator
([#8313](DataDog/dd-trace-java#8313) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Remove old context propagation API
([#8271](DataDog/dd-trace-java#8271) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

##### Instrumentations

##### AWS Lambda instrumentation

- 🐛 Send error message and stack to Lambda extension
([#8417](DataDog/dd-trace-java#8417) -
[@nhulston](https://github.com/nhulston))

##### AWS SDK instrumentation

- 🐛 Fix error happening when sqs message attributes are readonly
([#8473](DataDog/dd-trace-java#8473) -
[@vandonr](https://github.com/vandonr))
- 💡 Inject trace context into AWS Step Functions input
([#7585](DataDog/dd-trace-java#7585) -
[@DylanLovesCoffee](https://github.com/DylanLovesCoffee))

##### Core Java language instrumentation

- ✨ Look in another location for grpc service methods
([#8468](DataDog/dd-trace-java#8468) -
[@evanchooly](https://github.com/evanchooly))
- ✨ Add code origin support for spring-webmvc
([#8416](DataDog/dd-trace-java#8416) -
[@evanchooly](https://github.com/evanchooly))
- 💡 Implementation of BaggagePropagator and BaggageContext
([#8330](DataDog/dd-trace-java#8330) -
[@mhlidd](https://github.com/mhlidd))
- ✨ Add code origin support to kafka message listeners
([#8301](DataDog/dd-trace-java#8301) -
[@evanchooly](https://github.com/evanchooly))

##### gRPC instrumentation

- ✨ Look in another location for grpc service methods
([#8468](DataDog/dd-trace-java#8468) -
[@evanchooly](https://github.com/evanchooly))

##### Kafka instrumentation

- ✨ Add messaging.destination.name tag to kafka integrations
([#8366](DataDog/dd-trace-java#8366) -
[@rarguelloF](https://github.com/rarguelloF))

##### Protocol Buffer instrumentation

- 🐛 Fix bug on proto schema extraction
([#8403](DataDog/dd-trace-java#8403) -
[@vandonr](https://github.com/vandonr))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 108a0f86aa59ab4c938cbac0688dd4c19cb301fa