Enforce size limit on application_monitoring.yaml files #8789

mtoffl01 · 2025-05-08T19:31:34Z

What Does This Do

Introduces a file size limit (256 KB) to limit the maximum "hands off" configuration file size that we will read.

Motivation

Protection against corrupted files and maintain performance.
See: RFC

The value (256 KB) was determined by taking the size of a sample "hands off" configuration file with both apm_configuration_default and apm_configuration_rules (phase 1 and phase 2 inputs, respectively), multiplying it by 100 * 2. This value may change, or may become configurable, in the future depending on where phase 2 specifications land.

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: [PROJ-IDENT]

…rying key-vals

…ith tests

…values in template variable

pr-commenter · 2025-05-08T20:25:10Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	mtoff/scfg_file_size_limit
git_commit_date	1746789389	1748617096
git_commit_sha	`ad6d5fe`	`4ee6d5e`
release_version	1.50.0-SNAPSHOT~ad6d5fef42	1.50.0-SNAPSHOT~4ee6d5ed12

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1748619555	1748619555
ci_job_id	961182915	961182915
ci_pipeline_id	66540723	66540723
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-x3kj13mk-project-304-concurrent-1-egpokg4o 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-x3kj13mk-project-304-concurrent-1-egpokg4o 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 3 performance improvements and 3 performance regressions! Performance is the same for 50 metrics, 15 unstable metrics.

scenario	Δ mean execution_time	candidate mean execution_time	baseline mean execution_time
scenario:startup:insecure-bank:tracing:Remote Config	worse [+28.819µs; +78.816µs] or [+4.231%; +11.572%]	734.902µs	681.084µs
scenario:startup:petclinic:profiling:ProfilingAgent	better [-7.781ms; -3.174ms] or [-7.111%; -2.900%]	103.951ms	109.428ms
scenario:startup:petclinic:profiling:GlobalTracer	better [-22.689ms; -18.502ms] or [-5.976%; -4.873%]	359.104ms	379.700ms
scenario:startup:petclinic:profiling:AppSec	worse [+5.525ms; +8.614ms] or [+10.124%; +15.785%]	61.639ms	54.570ms
scenario:startup:petclinic:profiling:Profiling	better [-7.782ms; -3.175ms] or [-7.110%; -2.901%]	103.975ms	109.454ms
scenario:startup:petclinic:tracing:Remote Config	worse [+39.025µs; +87.162µs] or [+5.730%; +12.798%]	744.157µs	681.064µs

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.02 s) : 0, 1020130
Total [baseline] (8.684 s) : 0, 8684216
Agent [candidate] (1.028 s) : 0, 1027748
Total [candidate] (8.686 s) : 0, 8685559
section iast
Agent [baseline] (1.165 s) : 0, 1164607
Total [baseline] (9.283 s) : 0, 9283029
Agent [candidate] (1.151 s) : 0, 1151392
Total [candidate] (9.243 s) : 0, 9242982
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.176 s) : 0, 1176176
Total [baseline] (9.259 s) : 0, 9259329
Agent [candidate] (1.153 s) : 0, 1152939
Total [candidate] (9.221 s) : 0, 9220520
section iast_TELEMETRY_OFF
Agent [baseline] (1.147 s) : 0, 1147438
Total [baseline] (9.237 s) : 0, 9237298
Agent [candidate] (1.147 s) : 0, 1146751
Total [candidate] (9.242 s) : 0, 9241591

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.02 s	-
Agent	iast	1.165 s	144.477 ms (14.2%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.176 s	156.046 ms (15.3%)
Agent	iast_TELEMETRY_OFF	1.147 s	127.308 ms (12.5%)
Total	tracing	8.684 s	-
Total	iast	9.283 s	598.813 ms (6.9%)
Total	iast_HARDCODED_SECRET_DISABLED	9.259 s	575.114 ms (6.6%)
Total	iast_TELEMETRY_OFF	9.237 s	553.082 ms (6.4%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.028 s	-
Agent	iast	1.151 s	123.643 ms (12.0%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.153 s	125.19 ms (12.2%)
Agent	iast_TELEMETRY_OFF	1.147 s	119.003 ms (11.6%)
Total	tracing	8.686 s	-
Total	iast	9.243 s	557.423 ms (6.4%)
Total	iast_HARDCODED_SECRET_DISABLED	9.221 s	534.961 ms (6.2%)
Total	iast_TELEMETRY_OFF	9.242 s	556.032 ms (6.4%)

gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (682.353 ms) : 0, 682353
BytebuddyAgent [candidate] (685.153 ms) : 0, 685153
GlobalTracer [baseline] (240.225 ms) : 0, 240225
GlobalTracer [candidate] (242.72 ms) : 0, 242720
AppSec [baseline] (54.515 ms) : 0, 54515
AppSec [candidate] (57.588 ms) : 0, 57588
Debugger [baseline] (9.83 ms) : 0, 9830
Debugger [candidate] (6.239 ms) : 0, 6239
Remote Config [baseline] (681.084 µs) : 0, 681
Remote Config [candidate] (734.902 µs) : 0, 735
Telemetry [baseline] (8.945 ms) : 0, 8945
Telemetry [candidate] (11.851 ms) : 0, 11851
section iast
BytebuddyAgent [baseline] (813.935 ms) : 0, 813935
BytebuddyAgent [candidate] (803.063 ms) : 0, 803063
GlobalTracer [baseline] (233.136 ms) : 0, 233136
GlobalTracer [candidate] (231.356 ms) : 0, 231356
IAST [baseline] (30.302 ms) : 0, 30302
IAST [candidate] (27.647 ms) : 0, 27647
AppSec [baseline] (48.926 ms) : 0, 48926
AppSec [candidate] (51.316 ms) : 0, 51316
Debugger [baseline] (5.965 ms) : 0, 5965
Debugger [candidate] (5.942 ms) : 0, 5942
Remote Config [baseline] (629.752 µs) : 0, 630
Remote Config [candidate] (594.358 µs) : 0, 594
Telemetry [baseline] (7.996 ms) : 0, 7996
Telemetry [candidate] (7.93 ms) : 0, 7930
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (821.464 ms) : 0, 821464
BytebuddyAgent [candidate] (804.228 ms) : 0, 804228
GlobalTracer [baseline] (235.36 ms) : 0, 235360
GlobalTracer [candidate] (231.885 ms) : 0, 231885
IAST [baseline] (30.926 ms) : 0, 30926
IAST [candidate] (26.793 ms) : 0, 26793
AppSec [baseline] (49.74 ms) : 0, 49740
AppSec [candidate] (52.07 ms) : 0, 52070
Debugger [baseline] (6.039 ms) : 0, 6039
Debugger [candidate] (5.922 ms) : 0, 5922
Remote Config [baseline] (604.602 µs) : 0, 605
Remote Config [candidate] (597.417 µs) : 0, 597
Telemetry [baseline] (8.161 ms) : 0, 8161
Telemetry [candidate] (7.852 ms) : 0, 7852
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (800.059 ms) : 0, 800059
BytebuddyAgent [candidate] (799.639 ms) : 0, 799639
GlobalTracer [baseline] (231.095 ms) : 0, 231095
GlobalTracer [candidate] (231.294 ms) : 0, 231294
IAST [baseline] (23.04 ms) : 0, 23040
IAST [candidate] (28.523 ms) : 0, 28523
AppSec [baseline] (55.29 ms) : 0, 55290
AppSec [candidate] (49.443 ms) : 0, 49443
Debugger [baseline] (5.948 ms) : 0, 5948
Debugger [candidate] (5.931 ms) : 0, 5931
Remote Config [baseline] (607.324 µs) : 0, 607
Remote Config [candidate] (585.717 µs) : 0, 586
Telemetry [baseline] (7.883 ms) : 0, 7883
Telemetry [candidate] (7.853 ms) : 0, 7853

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.024 s) : 0, 1023841
Total [baseline] (10.489 s) : 0, 10489083
Agent [candidate] (1.033 s) : 0, 1033283
Total [candidate] (10.461 s) : 0, 10460788
section appsec
Agent [baseline] (1.168 s) : 0, 1167665
Total [baseline] (10.676 s) : 0, 10676173
Agent [candidate] (1.173 s) : 0, 1172624
Total [candidate] (10.707 s) : 0, 10706588
section iast
Agent [baseline] (1.157 s) : 0, 1157288
Total [baseline] (10.921 s) : 0, 10921335
Agent [candidate] (1.155 s) : 0, 1154873
Total [candidate] (10.926 s) : 0, 10925931
section profiling
Agent [baseline] (1.288 s) : 0, 1287675
Total [baseline] (10.884 s) : 0, 10884083
Agent [candidate] (1.264 s) : 0, 1263571
Total [candidate] (10.859 s) : 0, 10859133

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.024 s	-
Agent	appsec	1.168 s	143.825 ms (14.0%)
Agent	iast	1.157 s	133.447 ms (13.0%)
Agent	profiling	1.288 s	263.834 ms (25.8%)
Total	tracing	10.489 s	-
Total	appsec	10.676 s	187.09 ms (1.8%)
Total	iast	10.921 s	432.252 ms (4.1%)
Total	profiling	10.884 s	395.0 ms (3.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.033 s	-
Agent	appsec	1.173 s	139.341 ms (13.5%)
Agent	iast	1.155 s	121.591 ms (11.8%)
Agent	profiling	1.264 s	230.288 ms (22.3%)
Total	tracing	10.461 s	-
Total	appsec	10.707 s	245.8 ms (2.3%)
Total	iast	10.926 s	465.143 ms (4.4%)
Total	profiling	10.859 s	398.345 ms (3.8%)

gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (685.191 ms) : 0, 685191
BytebuddyAgent [candidate] (690.93 ms) : 0, 690930
GlobalTracer [baseline] (240.921 ms) : 0, 240921
GlobalTracer [candidate] (243.118 ms) : 0, 243118
AppSec [baseline] (55.956 ms) : 0, 55956
AppSec [candidate] (55.797 ms) : 0, 55797
Debugger [baseline] (7.657 ms) : 0, 7657
Debugger [candidate] (6.257 ms) : 0, 6257
Remote Config [baseline] (681.064 µs) : 0, 681
Remote Config [candidate] (744.157 µs) : 0, 744
Telemetry [baseline] (9.83 ms) : 0, 9830
Telemetry [candidate] (12.725 ms) : 0, 12725
section appsec
BytebuddyAgent [baseline] (705.096 ms) : 0, 705096
BytebuddyAgent [candidate] (706.928 ms) : 0, 706928
GlobalTracer [baseline] (238.109 ms) : 0, 238109
GlobalTracer [candidate] (239.833 ms) : 0, 239833
IAST [baseline] (21.914 ms) : 0, 21914
IAST [candidate] (21.678 ms) : 0, 21678
AppSec [baseline] (175.102 ms) : 0, 175102
AppSec [candidate] (176.903 ms) : 0, 176903
Debugger [baseline] (5.964 ms) : 0, 5964
Debugger [candidate] (6.042 ms) : 0, 6042
Remote Config [baseline] (622.957 µs) : 0, 623
Remote Config [candidate] (640.328 µs) : 0, 640
Telemetry [baseline] (8.171 ms) : 0, 8171
Telemetry [candidate] (7.732 ms) : 0, 7732
section iast
BytebuddyAgent [baseline] (808.172 ms) : 0, 808172
BytebuddyAgent [candidate] (806.484 ms) : 0, 806484
GlobalTracer [baseline] (232.159 ms) : 0, 232159
GlobalTracer [candidate] (231.83 ms) : 0, 231830
IAST [baseline] (28.468 ms) : 0, 28468
IAST [candidate] (26.935 ms) : 0, 26935
AppSec [baseline] (50.477 ms) : 0, 50477
AppSec [candidate] (50.953 ms) : 0, 50953
Debugger [baseline] (5.962 ms) : 0, 5962
Debugger [candidate] (5.909 ms) : 0, 5909
Remote Config [baseline] (609.015 µs) : 0, 609
Remote Config [candidate] (594.719 µs) : 0, 595
Telemetry [baseline] (7.927 ms) : 0, 7927
Telemetry [candidate] (7.878 ms) : 0, 7878
section profiling
BytebuddyAgent [baseline] (678.473 ms) : 0, 678473
BytebuddyAgent [candidate] (673.153 ms) : 0, 673153
GlobalTracer [baseline] (379.7 ms) : 0, 379700
GlobalTracer [candidate] (359.104 ms) : 0, 359104
AppSec [baseline] (54.57 ms) : 0, 54570
AppSec [candidate] (61.639 ms) : 0, 61639
Debugger [baseline] (6.101 ms) : 0, 6101
Debugger [candidate] (6.139 ms) : 0, 6139
Remote Config [baseline] (646.358 µs) : 0, 646
Remote Config [candidate] (658.987 µs) : 0, 659
Telemetry [baseline] (8.11 ms) : 0, 8110
Telemetry [candidate] (8.188 ms) : 0, 8188
ProfilingAgent [baseline] (109.428 ms) : 0, 109428
ProfilingAgent [candidate] (103.951 ms) : 0, 103951
Profiling [baseline] (109.454 ms) : 0, 109454
Profiling [candidate] (103.975 ms) : 0, 103975

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-05-30T15:09:34	2025-05-30T15:17:18
git_branch	master	mtoff/scfg_file_size_limit
git_commit_date	1746789389	1748617096
git_commit_sha	`ad6d5fe`	`4ee6d5e`
release_version	1.50.0-SNAPSHOT~ad6d5fef42	1.50.0-SNAPSHOT~4ee6d5ed12
start_time	2025-05-30T15:09:19	2025-05-30T15:17:04

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1748618636	1748618636
ci_job_id	961182917	961182917
ci_pipeline_id	66540723	66540723
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-x3kj13mk-project-304-concurrent-2-qjbgowbn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-x3kj13mk-project-304-concurrent-2-qjbgowbn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (384.425 µs) : 365, 404
.   : milestone, 384,
iast (521.806 µs) : 499, 545
.   : milestone, 522,
iast_FULL (742.943 µs) : 721, 765
.   : milestone, 743,
iast_GLOBAL (554.77 µs) : 533, 576
.   : milestone, 555,
iast_HARDCODED_SECRET_DISABLED (519.807 µs) : 496, 544
.   : milestone, 520,
iast_INACTIVE (465.449 µs) : 443, 488
.   : milestone, 465,
iast_TELEMETRY_OFF (517.327 µs) : 494, 540
.   : milestone, 517,
tracing (458.468 µs) : 436, 481
.   : milestone, 458,
section candidate
no_agent (387.469 µs) : 367, 408
.   : milestone, 387,
iast (525.404 µs) : 504, 547
.   : milestone, 525,
iast_FULL (738.754 µs) : 715, 762
.   : milestone, 739,
iast_GLOBAL (558.782 µs) : 537, 580
.   : milestone, 559,
iast_HARDCODED_SECRET_DISABLED (521.023 µs) : 499, 543
.   : milestone, 521,
iast_INACTIVE (468.608 µs) : 446, 491
.   : milestone, 469,
iast_TELEMETRY_OFF (504.201 µs) : 481, 528
.   : milestone, 504,
tracing (460.298 µs) : 438, 482
.   : milestone, 460,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	384.425 µs [364.687 µs, 404.163 µs]	-
iast	521.806 µs [498.845 µs, 544.767 µs]	137.381 µs (35.7%)
iast_FULL	742.943 µs [720.97 µs, 764.917 µs]	358.518 µs (93.3%)
iast_GLOBAL	554.77 µs [533.377 µs, 576.163 µs]	170.345 µs (44.3%)
iast_HARDCODED_SECRET_DISABLED	519.807 µs [496.022 µs, 543.591 µs]	135.381 µs (35.2%)
iast_INACTIVE	465.449 µs [442.581 µs, 488.317 µs]	81.023 µs (21.1%)
iast_TELEMETRY_OFF	517.327 µs [494.275 µs, 540.38 µs]	132.902 µs (34.6%)
tracing	458.468 µs [436.246 µs, 480.69 µs]	74.042 µs (19.3%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	387.469 µs [367.263 µs, 407.674 µs]	-
iast	525.404 µs [503.586 µs, 547.223 µs]	137.936 µs (35.6%)
iast_FULL	738.754 µs [715.17 µs, 762.337 µs]	351.285 µs (90.7%)
iast_GLOBAL	558.782 µs [537.21 µs, 580.353 µs]	171.313 µs (44.2%)
iast_HARDCODED_SECRET_DISABLED	521.023 µs [499.456 µs, 542.59 µs]	133.554 µs (34.5%)
iast_INACTIVE	468.608 µs [445.865 µs, 491.351 µs]	81.14 µs (20.9%)
iast_TELEMETRY_OFF	504.201 µs [480.879 µs, 527.524 µs]	116.733 µs (30.1%)
tracing	460.298 µs [438.366 µs, 482.231 µs]	72.83 µs (18.8%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.366 ms) : 1345, 1386
.   : milestone, 1366,
appsec (1.725 ms) : 1701, 1749
.   : milestone, 1725,
appsec_no_iast (1.722 ms) : 1698, 1746
.   : milestone, 1722,
code_origins (1.664 ms) : 1637, 1691
.   : milestone, 1664,
iast (1.505 ms) : 1481, 1530
.   : milestone, 1505,
profiling (1.548 ms) : 1523, 1573
.   : milestone, 1548,
tracing (1.502 ms) : 1478, 1526
.   : milestone, 1502,
section candidate
no_agent (1.361 ms) : 1343, 1380
.   : milestone, 1361,
appsec (1.738 ms) : 1715, 1761
.   : milestone, 1738,
appsec_no_iast (1.728 ms) : 1705, 1751
.   : milestone, 1728,
code_origins (1.688 ms) : 1661, 1715
.   : milestone, 1688,
iast (1.543 ms) : 1518, 1569
.   : milestone, 1543,
profiling (1.507 ms) : 1483, 1531
.   : milestone, 1507,
tracing (1.487 ms) : 1463, 1511
.   : milestone, 1487,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.366 ms [1.345 ms, 1.386 ms]	-
appsec	1.725 ms [1.701 ms, 1.749 ms]	359.449 µs (26.3%)
appsec_no_iast	1.722 ms [1.698 ms, 1.746 ms]	356.308 µs (26.1%)
code_origins	1.664 ms [1.637 ms, 1.691 ms]	298.352 µs (21.8%)
iast	1.505 ms [1.481 ms, 1.53 ms]	139.555 µs (10.2%)
profiling	1.548 ms [1.523 ms, 1.573 ms]	182.203 µs (13.3%)
tracing	1.502 ms [1.478 ms, 1.526 ms]	136.047 µs (10.0%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.361 ms [1.343 ms, 1.38 ms]	-
appsec	1.738 ms [1.715 ms, 1.761 ms]	376.51 µs (27.7%)
appsec_no_iast	1.728 ms [1.705 ms, 1.751 ms]	366.707 µs (26.9%)
code_origins	1.688 ms [1.661 ms, 1.715 ms]	326.471 µs (24.0%)
iast	1.543 ms [1.518 ms, 1.569 ms]	181.989 µs (13.4%)
profiling	1.507 ms [1.483 ms, 1.531 ms]	145.616 µs (10.7%)
tracing	1.487 ms [1.463 ms, 1.511 ms]	125.094 µs (9.2%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	mtoff/scfg_file_size_limit
git_commit_date	1746789389	1748617096
git_commit_sha	`ad6d5fe`	`4ee6d5e`
release_version	1.50.0-SNAPSHOT~ad6d5fef42	1.50.0-SNAPSHOT~4ee6d5ed12

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1748619157	1748619157
ci_job_id	961182919	961182919
ci_pipeline_id	66540723	66540723
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-x3kj13mk-project-304-concurrent-3-84ctls07 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-x3kj13mk-project-304-concurrent-3-84ctls07 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1466, 1489
.   : milestone, 1477,
appsec (2.397 ms) : 2349, 2446
.   : milestone, 2397,
iast (2.177 ms) : 2117, 2238
.   : milestone, 2177,
iast_GLOBAL (2.219 ms) : 2158, 2280
.   : milestone, 2219,
profiling (2.037 ms) : 1988, 2086
.   : milestone, 2037,
tracing (1.995 ms) : 1948, 2041
.   : milestone, 1995,
section candidate
no_agent (1.479 ms) : 1468, 1491
.   : milestone, 1479,
appsec (2.41 ms) : 2362, 2459
.   : milestone, 2410,
iast (2.175 ms) : 2114, 2236
.   : milestone, 2175,
iast_GLOBAL (2.219 ms) : 2158, 2280
.   : milestone, 2219,
profiling (2.051 ms) : 2001, 2101
.   : milestone, 2051,
tracing (2.007 ms) : 1960, 2054
.   : milestone, 2007,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.477 ms [1.466 ms, 1.489 ms]	-
appsec	2.397 ms [2.349 ms, 2.446 ms]	920.38 µs (62.3%)
iast	2.177 ms [2.117 ms, 2.238 ms]	700.305 µs (47.4%)
iast_GLOBAL	2.219 ms [2.158 ms, 2.28 ms]	742.192 µs (50.2%)
profiling	2.037 ms [1.988 ms, 2.086 ms]	559.802 µs (37.9%)
tracing	1.995 ms [1.948 ms, 2.041 ms]	517.531 µs (35.0%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.479 ms [1.468 ms, 1.491 ms]	-
appsec	2.41 ms [2.362 ms, 2.459 ms]	931.138 µs (62.9%)
iast	2.175 ms [2.114 ms, 2.236 ms]	695.763 µs (47.0%)
iast_GLOBAL	2.219 ms [2.158 ms, 2.28 ms]	739.496 µs (50.0%)
profiling	2.051 ms [2.001 ms, 2.101 ms]	571.831 µs (38.7%)
tracing	2.007 ms [1.96 ms, 2.054 ms]	527.662 µs (35.7%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~4ee6d5ed12, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.497 s) : 15497000, 15497000
.   : milestone, 15497000,
appsec (15.038 s) : 15038000, 15038000
.   : milestone, 15038000,
iast (18.895 s) : 18895000, 18895000
.   : milestone, 18895000,
iast_GLOBAL (17.787 s) : 17787000, 17787000
.   : milestone, 17787000,
profiling (14.74 s) : 14740000, 14740000
.   : milestone, 14740000,
tracing (15.055 s) : 15055000, 15055000
.   : milestone, 15055000,
section candidate
no_agent (15.511 s) : 15511000, 15511000
.   : milestone, 15511000,
appsec (14.99 s) : 14990000, 14990000
.   : milestone, 14990000,
iast (18.809 s) : 18809000, 18809000
.   : milestone, 18809000,
iast_GLOBAL (18.193 s) : 18193000, 18193000
.   : milestone, 18193000,
profiling (15.015 s) : 15015000, 15015000
.   : milestone, 15015000,
tracing (15.004 s) : 15004000, 15004000
.   : milestone, 15004000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.497 s [15.497 s, 15.497 s]	-
appsec	15.038 s [15.038 s, 15.038 s]	-459.0 ms (-3.0%)
iast	18.895 s [18.895 s, 18.895 s]	3.398 s (21.9%)
iast_GLOBAL	17.787 s [17.787 s, 17.787 s]	2.29 s (14.8%)
profiling	14.74 s [14.74 s, 14.74 s]	-757.0 ms (-4.9%)
tracing	15.055 s [15.055 s, 15.055 s]	-442.0 ms (-2.9%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.511 s [15.511 s, 15.511 s]	-
appsec	14.99 s [14.99 s, 14.99 s]	-521.0 ms (-3.4%)
iast	18.809 s [18.809 s, 18.809 s]	3.298 s (21.3%)
iast_GLOBAL	18.193 s [18.193 s, 18.193 s]	2.682 s (17.3%)
profiling	15.015 s [15.015 s, 15.015 s]	-496.0 ms (-3.2%)
tracing	15.004 s [15.004 s, 15.004 s]	-507.0 ms (-3.3%)

…BYTES default access

…ace-java into mtoff/scfg_file_size_limit

PerfectSlayer

Looking good 👍

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.49.0` -> `1.50.0` | --- ### Release Notes <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.50.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.50.0): 1.50.0 ### Deprecation Notice > \[!NOTE] > `DD_RUNTIME_ID_ENABLED` has been deprecated and will be removed in future releases. Please use `DD_RUNTIME_METRICS_RUNTIME_ID_ENABLED` instead. ### Components #### Application Security Management (WAF) - 🐛 Add String length truncation limit to ObjectIntrospector and update truncation metrics ([#8825](DataDog/dd-trace-java#8825) - [@jandro996](https://github.com/jandro996)) - 🐛 Adapt standalone ASM to support API Security ([#8804](DataDog/dd-trace-java#8804) - [@jandro996](https://github.com/jandro996)) - ✨ Add appsec.waf.input\_truncated metric ([#8791](DataDog/dd-trace-java#8791) - [@jandro996](https://github.com/jandro996)) - ✨ Extended appsec request body collection ([#8748](DataDog/dd-trace-java#8748) - [@jandro996](https://github.com/jandro996)) - ✨ Extended appsec request/response headers collection ([#8724](DataDog/dd-trace-java#8724) - [@jandro996](https://github.com/jandro996)) #### Build & Tooling - ✨ Add artifacts to public s3 bucket ([#8947](DataDog/dd-trace-java#8947) - [@randomanderson](https://github.com/randomanderson)) #### Continuous Integration Visibility - ✨ Improve PR information building ([#8908](DataDog/dd-trace-java#8908) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Truncate span stack traces when Test Optimization is enabled ([#8903](DataDog/dd-trace-java#8903) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Ensure auto-detected service name is the same for every process in the same build ([#8902](DataDog/dd-trace-java#8902) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Use tag as fallback in api requests if no branch is available ([#8876](DataDog/dd-trace-java#8876) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Add support for JUnit 5.13-RC1 ([#8865](DataDog/dd-trace-java#8865), [#8871](DataDog/dd-trace-java#8871) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement attempt to fix v3 and v4 and bump capability version ([#8824](DataDog/dd-trace-java#8824) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🧹 Align retry logic for all test framework instrumentations ([#8803](DataDog/dd-trace-java#8803) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🐛 Always build ci workspace without trailing separator ([#8788](DataDog/dd-trace-java#8788) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Add commit discrepancies telemetry when building repository git information ([#8763](DataDog/dd-trace-java#8763) - [@daniel-mohedano](https://github.com/daniel-mohedano)) #### Data Streams Monitoring - 💡 Surface process tags in dsm payloads and use them for base hash calculation ([#8836](DataDog/dd-trace-java#8836) - [@amarziali](https://github.com/amarziali)) #### Dynamic Instrumentation - ✨ Optimized allocations for collection filter functions ([#8896](DataDog/dd-trace-java#8896) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix SymDB upload size check ([#8887](DataDog/dd-trace-java#8887) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Add support for Set in filter function ([#8873](DataDog/dd-trace-java#8873) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Add support for isDefined in log template ([#8859](DataDog/dd-trace-java#8859) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix Max captured frames for Exception Replay ([#8856](DataDog/dd-trace-java#8856) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Remove static inherited fields collection ([#8832](DataDog/dd-trace-java#8832) - [@jpbempel](https://github.com/jpbempel)) - 💡 Add process tags to dynamic instrumentation intake payload ([#8779](DataDog/dd-trace-java#8779) - [@amarziali](https://github.com/amarziali)) #### GraalVM native-image - ✨ Add support for GraalVM Native GC metrics ([#8913](DataDog/dd-trace-java#8913) - [@ygree](https://github.com/ygree)) - ✨ Add JMXFetch support for GraalVM Native ([#8569](DataDog/dd-trace-java#8569) - [@ygree](https://github.com/ygree)) #### JMX fetch - ✨ Add support for GraalVM Native GC metrics ([#8913](DataDog/dd-trace-java#8913) - [@ygree](https://github.com/ygree)) #### Library Injection - ✨ Deny oracle db jvm based tools ([#8909](DataDog/dd-trace-java#8909) - [@bric3](https://github.com/bric3)) #### OpenTracing - 🐛 Fix OT packaging for exception replay ([#8912](DataDog/dd-trace-java#8912) - [@jpbempel](https://github.com/jpbempel)) #### Profiling - ✨ Bump ddprof to 1.27.0 ([#8893](DataDog/dd-trace-java#8893) - [@jbachorik](https://github.com/jbachorik)) - Properly handle the adaptive sampling interval overflow by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#213 - Fix [#200](DataDog/dd-trace-java#200) Crash related to aligned\_alloc and free in context by [@yanglong1010](https://github.com/yanglong1010) in DataDog/java-profiler#208 - Explicitly initialize empty context page by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#210 - Re-connect crash recursion protection with VM stackwalker by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#214 - ✨ Enable ZSTD compression for profiling ([#8862](DataDog/dd-trace-java#8862) - [@MattAlp](https://github.com/MattAlp)) - ✨ Extend JPS re-implementation to J9 family ([#8813](DataDog/dd-trace-java#8813) - [@MattAlp](https://github.com/MattAlp)) - 💡 Collect process tags for profiling upload requests ([#8780](DataDog/dd-trace-java#8780) - [@amarziali](https://github.com/amarziali)) #### Telemetry - 💡 Surface process tags on telemetry payloads ([#8837](DataDog/dd-trace-java#8837) - [@amarziali](https://github.com/amarziali)) #### Trace context propagation - ✨ Migrating all HttpClient Instrumentations to Inject Full Context ([#8826](DataDog/dd-trace-java#8826) - [@mhlidd](https://github.com/mhlidd)) - ✨ Migrating all HttpServer Instrumentations to Extract full Context ([#8820](DataDog/dd-trace-java#8820) - [@mhlidd](https://github.com/mhlidd)) - ✨ Add context API support OTel propagators ([#8770](DataDog/dd-trace-java#8770) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Tracer core - ✨⚡ Skip JAXB generated classes classloader ([#9003](DataDog/dd-trace-java#9003) - [@bric3](https://github.com/bric3)) - ✨ Add DD\_RUNTIME\_METRICS\_RUNTIME\_ID\_ENABLED alias for runtime id generation ([#8981](DataDog/dd-trace-java#8981) - [@amarziali](https://github.com/amarziali)) - 🐛 Use resolved address for peer.hostname when available without hitting the cache ([#8915](DataDog/dd-trace-java#8915) - [@amarziali](https://github.com/amarziali)) - 💡 Surface server name process tag for tomcat ([#8894](DataDog/dd-trace-java#8894) - [@amarziali](https://github.com/amarziali)) - 💡 Surface websphere cell and server name on process tags ([#8880](DataDog/dd-trace-java#8880) - [@amarziali](https://github.com/amarziali)) - ✨ Added special lightweight pre-main class that skips installation on incompatible JVMs. ([#8855](DataDog/dd-trace-java#8855) - [@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD)) - 💡 Add entrypoint type to process tags ([#8839](DataDog/dd-trace-java#8839) - [@amarziali](https://github.com/amarziali)) - ✨ Extend JPS re-implementation to J9 family ([#8813](DataDog/dd-trace-java#8813) - [@MattAlp](https://github.com/MattAlp)) - ✨ Notify listeners when the scope top changes after switching scope stacks ([#8797](DataDog/dd-trace-java#8797) - [@mcculls](https://github.com/mcculls)) - ✨ Read hsperfdata for Java PIDs if jvmstat is unavailable ([#8792](DataDog/dd-trace-java#8792) - [@MattAlp](https://github.com/MattAlp)) - 🐛 Turn JDK socket support on by default ([#8752](DataDog/dd-trace-java#8752) - [@sarahchen6](https://github.com/sarahchen6)) - ✨ Simplify context propagation ([#8719](DataDog/dd-trace-java#8719) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Add JSON parsing support ([#8579](DataDog/dd-trace-java#8579) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Tracer internal logging - ✨ Fix printing format of span identifiers ([#8897](DataDog/dd-trace-java#8897) - [@vandonr](https://github.com/vandonr)) #### Tracer public API - 💡 Track the source of installation ([#8956](DataDog/dd-trace-java#8956) - [@mabdinur](https://github.com/mabdinur)) - ✨ Enforce size limit on application\_monitoring.yaml files ([#8789](DataDog/dd-trace-java#8789) - [@mtoffl01](https://github.com/mtoffl01)) - ✨ Enabling baggage cache to support limits and non-ascii characters ([#8713](DataDog/dd-trace-java#8713) - [@mhlidd](https://github.com/mhlidd)) ### Instrumentations #### AWS Lambda instrumentation - ✨ Pass Lambda Request ID to Extension ([#8814](DataDog/dd-trace-java#8814) - [@nhulston](https://github.com/nhulston)) #### Core Java language instrumentation - ✨ Ensure ClassloadingInstrumentation is always applied even with `DD_TRACE_ENABLED=false` ([#8863](DataDog/dd-trace-java#8863) - [@mcculls](https://github.com/mcculls)) #### Eclipse Vert.x instrumentation - 🐛 Do not override route with / in vertx instrumentation ([#8881](DataDog/dd-trace-java#8881) - [@vandonr](https://github.com/vandonr)) #### IBM Liberty - 🐛 Fix error mark on http status for IBM liberty ([#8822](DataDog/dd-trace-java#8822) - [@amarziali](https://github.com/amarziali)) #### JDBC instrumentation - 🐛 Do not prepend DBM <> APM trace comment in SQLCommenter if there is a pg plan hint ([#8864](DataDog/dd-trace-java#8864) - [@edengorevoy](https://github.com/edengorevoy)) #### JMS instrumentation - ✨ Add jms as an extra integration name where there is JMS involved ([#8933](DataDog/dd-trace-java#8933) - [@vandonr](https://github.com/vandonr)) #### Kotlin instrumentation - ✨ Enable kotlin\_coroutine integration by default ([#8848](DataDog/dd-trace-java#8848) - [@mcculls](https://github.com/mcculls)) - 🧹 Rework Kotlin coroutines instrumentation around coroutine context ([#8774](DataDog/dd-trace-java#8774) - [@mcculls](https://github.com/mcculls)) #### OpenTelemetry instrumentation - 🐛 Support WithSpan inheritContext attribute ([#8858](DataDog/dd-trace-java#8858) - [@amarziali](https://github.com/amarziali)) - ✨ Add context API support OTel propagators ([#8770](DataDog/dd-trace-java#8770) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Play Framework instrumentation - 🐛 Fix the Play Framework's span resource name priority so that the client JAX-RS 404 cannot override it ([#8591](DataDog/dd-trace-java#8591) - [@ygree](https://github.com/ygree)) #### Quarkus Instrumentation - 🐛 Ignore quarkus jaxrs stubs and cdi wrapper proxies ([#8891](DataDog/dd-trace-java#8891) - [@amarziali](https://github.com/amarziali)) #### ServiceTalk - ✨ Improve ServiceTalk Captured Context API Instrumentation for v0.42.56+ ([#8821](DataDog/dd-trace-java#8821) - [@ygree](https://github.com/ygree)) #### Spring instrumentation - ✨ Supporting Baggage for Instrumentations used in Weblog Tests ([#8773](DataDog/dd-trace-java#8773) - [@mhlidd](https://github.com/mhlidd)) #### WebSocket Instrumentation - 💡 Trace websocket for spring webflux reactive handlers ([#8831](DataDog/dd-trace-java#8831) - [@amarziali](https://github.com/amarziali)) - 💡:test\_tube: WebSocket support for Netty ([#8632](DataDog/dd-trace-java#8632) - [@ValentinZakharov](https://github.com/ValentinZakharov)) #### Zio Instrumentation - 🧹 Cleanup Zio fiber instrumentation to avoid repeated activation of continuation ([#8798](DataDog/dd-trace-java#8798) - [@mcculls](https://github.com/mcculls)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 9207366cdb6a1bd098082305d354a0a3c4622d7a

mtoffl01 and others added 22 commits April 10, 2025 12:38

migrate CLIHelper to use a Map, parse system properties in key-vals

d112dc7

Fix processTemplateVar logic to remove superfluous ':'

3ba99af

nits: javadocs

9caeb5d

Move writeFileRaw helper to testutils

d0f194b

Add YamlParser tests

457c288

Revert CLIHelper to use List<String>; lazily load a Map cache for que…

06ae9ac

…rying key-vals

reuse logic for adding to the vm args cache

06712dc

apply github suggestions

0a1da8f

Move processTemplate yaml helper fns into StableConfigParser, along w…

e106416

…ith tests

Remove changes to CLIHelper; rely on System.getProperty instead

48adeaa

optimize: return from processTemplate early if no {{ found

24b8615

Add more test coverage to StableConfigParserTest

cc76954

Merge branch 'master' into mtoff/scfg_fix

afddf95

Optimize template processing to reduce use of substrings

fc4652c

Introduce constants for repeated strings

e633f26

Change UNDEFINED_VALUE to empty string

b5deffd

Add log messages for empty environment_variable and process_argument …

9104f0d

…values in template variable

Remove FileUtils and all its references

ecb5a15

initial file size limit implementation: phase 1 limit only

62388b3

Implement file size limit + tests

7b7dbdd

merge wth main, resolve conflicts

b7f224b

remove unrelated changes

6bcada2

mtoffl01 changed the title ~~Mtoff/scfg file size limit~~ Enforce size limit on application_monitoring.yaml files May 8, 2025

mtoffl01 and others added 4 commits May 21, 2025 11:09

Merge branch 'master' into mtoff/scfg_file_size_limit

b5bcc49

Merge branch 'master' into mtoff/scfg_file_size_limit

8cf6193

Merge master & remove getMaxFileSizeBytes helper; give MAX_FILE_SIZE_…

fed6b9d

…BYTES default access

Merge branch 'mtoff/scfg_file_size_limit' of github.com:DataDog/dd-tr…

0f77a40

…ace-java into mtoff/scfg_file_size_limit

mtoffl01 added type: enhancement comp: api Tracer public API labels May 28, 2025

mtoffl01 marked this pull request as ready for review May 28, 2025 17:44

mtoffl01 requested a review from a team as a code owner May 28, 2025 17:45

mtoffl01 requested a review from PerfectSlayer May 28, 2025 17:45

mtoffl01 added 2 commits May 28, 2025 13:45

Merge branch 'master' into mtoff/scfg_file_size_limit

863576a

Merge branch 'master' into mtoff/scfg_file_size_limit

410d1e0

PerfectSlayer approved these changes May 30, 2025

View reviewed changes

mtoffl01 enabled auto-merge (squash) May 30, 2025 14:58

Merge branch 'master' into mtoff/scfg_file_size_limit

4ee6d5e

mtoffl01 merged commit ec92625 into master Jun 3, 2025
506 of 507 checks passed

mtoffl01 deleted the mtoff/scfg_file_size_limit branch June 3, 2025 16:27

github-actions bot added this to the 1.50.0 milestone Jun 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enforce size limit on application_monitoring.yaml files #8789

Enforce size limit on application_monitoring.yaml files #8789

Uh oh!

mtoffl01 commented May 8, 2025 •

edited

Loading

Uh oh!

pr-commenter bot commented May 8, 2025 •

edited

Loading

Uh oh!

PerfectSlayer left a comment

Uh oh!

Uh oh!

Uh oh!

Enforce size limit on application_monitoring.yaml files #8789

Enforce size limit on application_monitoring.yaml files #8789

Uh oh!

Conversation

mtoffl01 commented May 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What Does This Do

Motivation

Additional Notes

Contributor Checklist

Uh oh!

pr-commenter bot commented May 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

PerfectSlayer left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

mtoffl01 commented May 8, 2025 •

edited

Loading

pr-commenter bot commented May 8, 2025 •

edited

Loading