Added special lightweight pre-main class that skips installation on incompatible JVMs. #8855

AlexeyKuznetsov-DD · 2025-05-20T19:40:31Z

What Does This Do

A lightweight pre-main class, compiled with Java 6, has been added to enable SSI injection for Java 6. This new entry point is designed solely to check the Java version and report an injection telemetry failure if the version is incompatible.

Motivation

In certain cases, SSI can still inject into Java 6, so it’s important not to disrupt customer services in such cases.

Additional Notes

How to test on CI? Java 6 is almost abandoned. Was able to test manually on personal Windows laptop.

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the CODEOWNERS file on source file addition, move, or deletion
Update the public documentation in case of new configuration flag or behavior

Jira ticket: [PROJ-IDENT]

…a 6.

pr-commenter · 2025-05-20T20:12:27Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	ssi-inject-java-6
git_commit_date	1746789389	1748443043
git_commit_sha	`ad6d5fe`	`e1df6fe`
release_version	1.50.0-SNAPSHOT~ad6d5fef42	1.50.0-SNAPSHOT~e1df6fe273

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1748445520	1748445520
ci_job_id	957760558	957760558
ci_pipeline_id	66327272	66327272
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-a5ynt5bs-project-304-concurrent-1-4zfv9b3i 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-a5ynt5bs-project-304-concurrent-1-4zfv9b3i 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 3 performance improvements and 3 performance regressions! Performance is the same for 51 metrics, 14 unstable metrics.

scenario	Δ mean execution_time	candidate mean execution_time	baseline mean execution_time
scenario:startup:insecure-bank:tracing:Remote Config	worse [+17.026µs; +62.424µs] or [+2.478%; +9.084%]	726.909µs	687.183µs
scenario:startup:petclinic:profiling:ProfilingAgent	better [-8.083ms; -4.455ms] or [-7.359%; -4.056%]	103.570ms	109.839ms
scenario:startup:petclinic:profiling:GlobalTracer	better [-18.777ms; -15.293ms] or [-4.963%; -4.042%]	361.340ms	378.374ms
scenario:startup:petclinic:profiling:AppSec	worse [+5.191ms; +9.368ms] or [+9.488%; +17.121%]	61.992ms	54.713ms
scenario:startup:petclinic:profiling:Profiling	better [-8.085ms; -4.457ms] or [-7.359%; -4.057%]	103.595ms	109.866ms
scenario:startup:petclinic:tracing:Remote Config	worse [+26.610µs; +95.282µs] or [+3.830%; +13.714%]	755.745µs	694.799µs

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.021 s) : 0, 1021460
Total [baseline] (8.667 s) : 0, 8667468
Agent [candidate] (1.029 s) : 0, 1029199
Total [candidate] (8.696 s) : 0, 8696317
section iast
Agent [baseline] (1.152 s) : 0, 1152319
Total [baseline] (9.248 s) : 0, 9247579
Agent [candidate] (1.159 s) : 0, 1159428
Total [candidate] (9.267 s) : 0, 9267251
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.147 s) : 0, 1146861
Total [baseline] (9.187 s) : 0, 9186623
Agent [candidate] (1.17 s) : 0, 1169720
Total [candidate] (9.264 s) : 0, 9263974
section iast_TELEMETRY_OFF
Agent [baseline] (1.146 s) : 0, 1145798
Total [baseline] (9.285 s) : 0, 9285106
Agent [candidate] (1.148 s) : 0, 1147836
Total [candidate] (9.284 s) : 0, 9283522

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.021 s	-
Agent	iast	1.152 s	130.859 ms (12.8%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.147 s	125.402 ms (12.3%)
Agent	iast_TELEMETRY_OFF	1.146 s	124.338 ms (12.2%)
Total	tracing	8.667 s	-
Total	iast	9.248 s	580.111 ms (6.7%)
Total	iast_HARDCODED_SECRET_DISABLED	9.187 s	519.155 ms (6.0%)
Total	iast_TELEMETRY_OFF	9.285 s	617.638 ms (7.1%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.029 s	-
Agent	iast	1.159 s	130.229 ms (12.7%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.17 s	140.521 ms (13.7%)
Agent	iast_TELEMETRY_OFF	1.148 s	118.637 ms (11.5%)
Total	tracing	8.696 s	-
Total	iast	9.267 s	570.934 ms (6.6%)
Total	iast_HARDCODED_SECRET_DISABLED	9.264 s	567.657 ms (6.5%)
Total	iast_TELEMETRY_OFF	9.284 s	587.205 ms (6.8%)

gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.373 ms) : 0, 683373
BytebuddyAgent [candidate] (685.346 ms) : 0, 685346
GlobalTracer [baseline] (240.144 ms) : 0, 240144
GlobalTracer [candidate] (242.769 ms) : 0, 242769
AppSec [baseline] (55.813 ms) : 0, 55813
AppSec [candidate] (57.941 ms) : 0, 57941
Debugger [baseline] (9.753 ms) : 0, 9753
Debugger [candidate] (6.193 ms) : 0, 6193
Remote Config [baseline] (687.183 µs) : 0, 687
Remote Config [candidate] (726.909 µs) : 0, 727
Telemetry [baseline] (8.2 ms) : 0, 8200
Telemetry [candidate] (12.598 ms) : 0, 12598
section iast
BytebuddyAgent [baseline] (805.137 ms) : 0, 805137
BytebuddyAgent [candidate] (809.383 ms) : 0, 809383
GlobalTracer [baseline] (230.036 ms) : 0, 230036
GlobalTracer [candidate] (232.464 ms) : 0, 232464
IAST [baseline] (25.962 ms) : 0, 25962
IAST [candidate] (26.989 ms) : 0, 26989
AppSec [baseline] (52.365 ms) : 0, 52365
AppSec [candidate] (52.368 ms) : 0, 52368
Debugger [baseline] (5.938 ms) : 0, 5938
Debugger [candidate] (5.948 ms) : 0, 5948
Remote Config [baseline] (600.465 µs) : 0, 600
Remote Config [candidate] (593.895 µs) : 0, 594
Telemetry [baseline] (7.952 ms) : 0, 7952
Telemetry [candidate] (7.949 ms) : 0, 7949
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (800.583 ms) : 0, 800583
BytebuddyAgent [candidate] (815.981 ms) : 0, 815981
GlobalTracer [baseline] (230.095 ms) : 0, 230095
GlobalTracer [candidate] (234.912 ms) : 0, 234912
IAST [baseline] (28.22 ms) : 0, 28220
IAST [candidate] (25.886 ms) : 0, 25886
AppSec [baseline] (49.349 ms) : 0, 49349
AppSec [candidate] (54.256 ms) : 0, 54256
Debugger [baseline] (5.875 ms) : 0, 5875
Debugger [candidate] (6.085 ms) : 0, 6085
Remote Config [baseline] (587.048 µs) : 0, 587
Remote Config [candidate] (619.133 µs) : 0, 619
Telemetry [baseline] (7.901 ms) : 0, 7901
Telemetry [candidate] (8.108 ms) : 0, 8108
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (798.478 ms) : 0, 798478
BytebuddyAgent [candidate] (800.093 ms) : 0, 800093
GlobalTracer [baseline] (231.012 ms) : 0, 231012
GlobalTracer [candidate] (231.984 ms) : 0, 231984
IAST [baseline] (23.159 ms) : 0, 23159
IAST [candidate] (28.676 ms) : 0, 28676
AppSec [baseline] (55.23 ms) : 0, 55230
AppSec [candidate] (49.276 ms) : 0, 49276
Debugger [baseline] (5.98 ms) : 0, 5980
Debugger [candidate] (5.895 ms) : 0, 5895
Remote Config [baseline] (617.071 µs) : 0, 617
Remote Config [candidate] (593.849 µs) : 0, 594
Telemetry [baseline] (7.804 ms) : 0, 7804
Telemetry [candidate] (7.887 ms) : 0, 7887

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.019 s) : 0, 1018525
Total [baseline] (10.587 s) : 0, 10587075
Agent [candidate] (1.032 s) : 0, 1032160
Total [candidate] (10.655 s) : 0, 10654933
section appsec
Agent [baseline] (1.166 s) : 0, 1166161
Total [baseline] (10.717 s) : 0, 10716650
Agent [candidate] (1.169 s) : 0, 1168533
Total [candidate] (10.766 s) : 0, 10765808
section iast
Agent [baseline] (1.15 s) : 0, 1149644
Total [baseline] (10.89 s) : 0, 10890274
Agent [candidate] (1.154 s) : 0, 1154030
Total [candidate] (11.001 s) : 0, 11000907
section profiling
Agent [baseline] (1.283 s) : 0, 1282594
Total [baseline] (10.889 s) : 0, 10888932
Agent [candidate] (1.269 s) : 0, 1269170
Total [candidate] (10.902 s) : 0, 10901601

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.019 s	-
Agent	appsec	1.166 s	147.636 ms (14.5%)
Agent	iast	1.15 s	131.119 ms (12.9%)
Agent	profiling	1.283 s	264.069 ms (25.9%)
Total	tracing	10.587 s	-
Total	appsec	10.717 s	129.576 ms (1.2%)
Total	iast	10.89 s	303.2 ms (2.9%)
Total	profiling	10.889 s	301.858 ms (2.9%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.032 s	-
Agent	appsec	1.169 s	136.373 ms (13.2%)
Agent	iast	1.154 s	121.87 ms (11.8%)
Agent	profiling	1.269 s	237.01 ms (23.0%)
Total	tracing	10.655 s	-
Total	appsec	10.766 s	110.875 ms (1.0%)
Total	iast	11.001 s	345.973 ms (3.2%)
Total	profiling	10.902 s	246.668 ms (2.3%)

gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (682.584 ms) : 0, 682584
BytebuddyAgent [candidate] (689.331 ms) : 0, 689331
GlobalTracer [baseline] (239.886 ms) : 0, 239886
GlobalTracer [candidate] (242.842 ms) : 0, 242842
AppSec [baseline] (55.867 ms) : 0, 55867
AppSec [candidate] (58.05 ms) : 0, 58050
Debugger [baseline] (6.901 ms) : 0, 6901
Debugger [candidate] (8.507 ms) : 0, 8507
Remote Config [baseline] (694.799 µs) : 0, 695
Remote Config [candidate] (755.745 µs) : 0, 756
Telemetry [baseline] (9.135 ms) : 0, 9135
Telemetry [candidate] (8.997 ms) : 0, 8997
section appsec
BytebuddyAgent [baseline] (703.166 ms) : 0, 703166
BytebuddyAgent [candidate] (703.696 ms) : 0, 703696
GlobalTracer [baseline] (237.842 ms) : 0, 237842
GlobalTracer [candidate] (239.412 ms) : 0, 239412
AppSec [baseline] (176.587 ms) : 0, 176587
AppSec [candidate] (176.906 ms) : 0, 176906
Debugger [baseline] (5.97 ms) : 0, 5970
Debugger [candidate] (6.005 ms) : 0, 6005
Remote Config [baseline] (618.873 µs) : 0, 619
Remote Config [candidate] (652.559 µs) : 0, 653
Telemetry [baseline] (7.418 ms) : 0, 7418
Telemetry [candidate] (7.384 ms) : 0, 7384
IAST [baseline] (21.827 ms) : 0, 21827
IAST [candidate] (21.719 ms) : 0, 21719
section iast
BytebuddyAgent [baseline] (802.23 ms) : 0, 802230
BytebuddyAgent [candidate] (804.762 ms) : 0, 804762
GlobalTracer [baseline] (230.49 ms) : 0, 230490
GlobalTracer [candidate] (232.662 ms) : 0, 232662
AppSec [baseline] (50.479 ms) : 0, 50479
AppSec [candidate] (52.783 ms) : 0, 52783
Debugger [baseline] (5.968 ms) : 0, 5968
Debugger [candidate] (5.846 ms) : 0, 5846
Remote Config [baseline] (602.019 µs) : 0, 602
Remote Config [candidate] (581.668 µs) : 0, 582
Telemetry [baseline] (7.922 ms) : 0, 7922
Telemetry [candidate] (7.87 ms) : 0, 7870
IAST [baseline] (27.561 ms) : 0, 27561
IAST [candidate] (26.098 ms) : 0, 26098
section profiling
ProfilingAgent [baseline] (109.839 ms) : 0, 109839
ProfilingAgent [candidate] (103.57 ms) : 0, 103570
BytebuddyAgent [baseline] (674.117 ms) : 0, 674117
BytebuddyAgent [candidate] (676.489 ms) : 0, 676489
GlobalTracer [baseline] (378.374 ms) : 0, 378374
GlobalTracer [candidate] (361.34 ms) : 0, 361340
AppSec [baseline] (54.713 ms) : 0, 54713
AppSec [candidate] (61.992 ms) : 0, 61992
Debugger [baseline] (6.177 ms) : 0, 6177
Debugger [candidate] (6.115 ms) : 0, 6115
Remote Config [baseline] (656.228 µs) : 0, 656
Remote Config [candidate] (651.506 µs) : 0, 652
Telemetry [baseline] (8.114 ms) : 0, 8114
Telemetry [candidate] (8.135 ms) : 0, 8135
Profiling [baseline] (109.866 ms) : 0, 109866
Profiling [candidate] (103.595 ms) : 0, 103595

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-05-28T14:49:07	2025-05-28T14:56:53
git_branch	master	ssi-inject-java-6
git_commit_date	1746789389	1748443043
git_commit_sha	`ad6d5fe`	`e1df6fe`
release_version	1.50.0-SNAPSHOT~ad6d5fef42	1.50.0-SNAPSHOT~e1df6fe273
start_time	2025-05-28T14:48:53	2025-05-28T14:56:39

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1748444613	1748444613
ci_job_id	957760560	957760560
ci_pipeline_id	66327272	66327272
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-uzswx31h-project-304-concurrent-0-ff226swv 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-uzswx31h-project-304-concurrent-0-ff226swv 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (380.818 µs) : 360, 402
.   : milestone, 381,
iast (525.365 µs) : 502, 548
.   : milestone, 525,
iast_FULL (742.417 µs) : 720, 765
.   : milestone, 742,
iast_GLOBAL (574.332 µs) : 552, 597
.   : milestone, 574,
iast_HARDCODED_SECRET_DISABLED (518.996 µs) : 496, 542
.   : milestone, 519,
iast_INACTIVE (465.432 µs) : 443, 488
.   : milestone, 465,
iast_TELEMETRY_OFF (513.833 µs) : 491, 537
.   : milestone, 514,
tracing (465.559 µs) : 443, 488
.   : milestone, 466,
section candidate
no_agent (384.262 µs) : 363, 406
.   : milestone, 384,
iast (519.664 µs) : 498, 541
.   : milestone, 520,
iast_FULL (735.239 µs) : 713, 757
.   : milestone, 735,
iast_GLOBAL (567.329 µs) : 546, 589
.   : milestone, 567,
iast_HARDCODED_SECRET_DISABLED (520.084 µs) : 498, 542
.   : milestone, 520,
iast_INACTIVE (469.706 µs) : 446, 493
.   : milestone, 470,
iast_TELEMETRY_OFF (520.099 µs) : 497, 543
.   : milestone, 520,
tracing (459.194 µs) : 437, 481
.   : milestone, 459,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	380.818 µs [359.824 µs, 401.813 µs]	-
iast	525.365 µs [502.319 µs, 548.411 µs]	144.547 µs (38.0%)
iast_FULL	742.417 µs [720.248 µs, 764.587 µs]	361.599 µs (95.0%)
iast_GLOBAL	574.332 µs [552.092 µs, 596.573 µs]	193.514 µs (50.8%)
iast_HARDCODED_SECRET_DISABLED	518.996 µs [495.9 µs, 542.092 µs]	138.178 µs (36.3%)
iast_INACTIVE	465.432 µs [443.163 µs, 487.701 µs]	84.614 µs (22.2%)
iast_TELEMETRY_OFF	513.833 µs [490.782 µs, 536.884 µs]	133.015 µs (34.9%)
tracing	465.559 µs [443.04 µs, 488.079 µs]	84.741 µs (22.3%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	384.262 µs [362.969 µs, 405.555 µs]	-
iast	519.664 µs [497.838 µs, 541.489 µs]	135.402 µs (35.2%)
iast_FULL	735.239 µs [713.282 µs, 757.197 µs]	350.977 µs (91.3%)
iast_GLOBAL	567.329 µs [545.849 µs, 588.808 µs]	183.067 µs (47.6%)
iast_HARDCODED_SECRET_DISABLED	520.084 µs [498.105 µs, 542.064 µs]	135.822 µs (35.3%)
iast_INACTIVE	469.706 µs [446.318 µs, 493.095 µs]	85.445 µs (22.2%)
iast_TELEMETRY_OFF	520.099 µs [497.001 µs, 543.196 µs]	135.837 µs (35.4%)
tracing	459.194 µs [437.372 µs, 481.016 µs]	74.932 µs (19.5%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~e1df6fe273, baseline=1.50.0-SNAPSHOT~ad6d5fef42
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.379 ms) : 1359, 1399
.   : milestone, 1379,
appsec (1.726 ms) : 1702, 1749
.   : milestone, 1726,
appsec_no_iast (1.743 ms) : 1720, 1767
.   : milestone, 1743,
code_origins (1.675 ms) : 1648, 1702
.   : milestone, 1675,
iast (1.521 ms) : 1497, 1546
.   : milestone, 1521,
profiling (1.514 ms) : 1491, 1537
.   : milestone, 1514,
tracing (1.499 ms) : 1474, 1524
.   : milestone, 1499,
section candidate
no_agent (1.362 ms) : 1343, 1382
.   : milestone, 1362,
appsec (1.736 ms) : 1712, 1760
.   : milestone, 1736,
appsec_no_iast (1.729 ms) : 1706, 1753
.   : milestone, 1729,
code_origins (1.685 ms) : 1658, 1712
.   : milestone, 1685,
iast (1.531 ms) : 1507, 1555
.   : milestone, 1531,
profiling (1.513 ms) : 1489, 1537
.   : milestone, 1513,
tracing (1.493 ms) : 1468, 1517
.   : milestone, 1493,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.379 ms [1.359 ms, 1.399 ms]	-
appsec	1.726 ms [1.702 ms, 1.749 ms]	346.785 µs (25.2%)
appsec_no_iast	1.743 ms [1.72 ms, 1.767 ms]	364.62 µs (26.4%)
code_origins	1.675 ms [1.648 ms, 1.702 ms]	296.023 µs (21.5%)
iast	1.521 ms [1.497 ms, 1.546 ms]	142.442 µs (10.3%)
profiling	1.514 ms [1.491 ms, 1.537 ms]	135.222 µs (9.8%)
tracing	1.499 ms [1.474 ms, 1.524 ms]	120.522 µs (8.7%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.362 ms [1.343 ms, 1.382 ms]	-
appsec	1.736 ms [1.712 ms, 1.76 ms]	373.914 µs (27.4%)
appsec_no_iast	1.729 ms [1.706 ms, 1.753 ms]	367.184 µs (27.0%)
code_origins	1.685 ms [1.658 ms, 1.712 ms]	322.689 µs (23.7%)
iast	1.531 ms [1.507 ms, 1.555 ms]	168.351 µs (12.4%)
profiling	1.513 ms [1.489 ms, 1.537 ms]	150.795 µs (11.1%)
tracing	1.493 ms [1.468 ms, 1.517 ms]	130.453 µs (9.6%)

Dacapo

PerfectSlayer

General question: I wonder if this should be done at source VS ASM / bytecode level. What made you pick one over the other?

dd-java-agent/build.gradle

dd-java-agent/src/main/java6/datadog/trace/bootstrap/AgentBootstrapJava6.java

… JVM.

bric3 · 2025-05-26T07:22:18Z

dd-java-agent/src/main/java6/datadog/trace/bootstrap/AgentPreCheck.java

            + javaVersion
-            + " and will not be installed.");
+            + " in '"
+            + javaHome


question: Would it make sense to report that java.version / java.home cannot be accessed due to SecurityManager ?

@bric3 Not entirely sure — I followed the existing pattern used in the AgentBootstrap class, where we catch and ignore SecurityException and simply return null. I'm leaning toward keeping it consistent with the rest of the codebase unless we decide to update the pattern across the board.

That said, it's not a big change to explicitly log the reason, so I'm open to it if we think it adds value. In practice, a null value in the output would usually imply that access was blocked by the SecurityManager.
@dougqh WDYT?

I have no well formed opinion on this. My reasoning was to log this for support folk, if this situation ever happens.

Another thought came to mind about the telemetry, this was there before: what is the effect of sending null for the java version ?

dd-java-agent/src/test/groovy/datadog/trace/bootstrap/AgentPreCheckTest.groovy

dd-java-agent/src/main/java6/datadog/trace/bootstrap/AgentPreCheck.java

dougqh · 2025-05-28T12:42:10Z

dd-java-agent/src/main/java6/datadog/trace/bootstrap/AgentPreCheck.java

+            + "\"runtime_name\":\"jvm\","
+            + "\"language_name\":\"jvm\","
+            + "\"runtime_version\":\""
+            + javaVersion


Part of me doesn't like that these aren't escaped properly, but I suppose for this use case it is okay.

…heck.java Co-authored-by: Brice Dutheil <brice.dutheil@gmail.com>

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.49.0` -> `1.50.0` | --- ### Release Notes <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.50.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.50.0): 1.50.0 ### Deprecation Notice > \[!NOTE] > `DD_RUNTIME_ID_ENABLED` has been deprecated and will be removed in future releases. Please use `DD_RUNTIME_METRICS_RUNTIME_ID_ENABLED` instead. ### Components #### Application Security Management (WAF) - 🐛 Add String length truncation limit to ObjectIntrospector and update truncation metrics ([#8825](DataDog/dd-trace-java#8825) - [@jandro996](https://github.com/jandro996)) - 🐛 Adapt standalone ASM to support API Security ([#8804](DataDog/dd-trace-java#8804) - [@jandro996](https://github.com/jandro996)) - ✨ Add appsec.waf.input\_truncated metric ([#8791](DataDog/dd-trace-java#8791) - [@jandro996](https://github.com/jandro996)) - ✨ Extended appsec request body collection ([#8748](DataDog/dd-trace-java#8748) - [@jandro996](https://github.com/jandro996)) - ✨ Extended appsec request/response headers collection ([#8724](DataDog/dd-trace-java#8724) - [@jandro996](https://github.com/jandro996)) #### Build & Tooling - ✨ Add artifacts to public s3 bucket ([#8947](DataDog/dd-trace-java#8947) - [@randomanderson](https://github.com/randomanderson)) #### Continuous Integration Visibility - ✨ Improve PR information building ([#8908](DataDog/dd-trace-java#8908) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Truncate span stack traces when Test Optimization is enabled ([#8903](DataDog/dd-trace-java#8903) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Ensure auto-detected service name is the same for every process in the same build ([#8902](DataDog/dd-trace-java#8902) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Use tag as fallback in api requests if no branch is available ([#8876](DataDog/dd-trace-java#8876) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Add support for JUnit 5.13-RC1 ([#8865](DataDog/dd-trace-java#8865), [#8871](DataDog/dd-trace-java#8871) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement attempt to fix v3 and v4 and bump capability version ([#8824](DataDog/dd-trace-java#8824) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🧹 Align retry logic for all test framework instrumentations ([#8803](DataDog/dd-trace-java#8803) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🐛 Always build ci workspace without trailing separator ([#8788](DataDog/dd-trace-java#8788) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Add commit discrepancies telemetry when building repository git information ([#8763](DataDog/dd-trace-java#8763) - [@daniel-mohedano](https://github.com/daniel-mohedano)) #### Data Streams Monitoring - 💡 Surface process tags in dsm payloads and use them for base hash calculation ([#8836](DataDog/dd-trace-java#8836) - [@amarziali](https://github.com/amarziali)) #### Dynamic Instrumentation - ✨ Optimized allocations for collection filter functions ([#8896](DataDog/dd-trace-java#8896) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix SymDB upload size check ([#8887](DataDog/dd-trace-java#8887) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Add support for Set in filter function ([#8873](DataDog/dd-trace-java#8873) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Add support for isDefined in log template ([#8859](DataDog/dd-trace-java#8859) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix Max captured frames for Exception Replay ([#8856](DataDog/dd-trace-java#8856) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Remove static inherited fields collection ([#8832](DataDog/dd-trace-java#8832) - [@jpbempel](https://github.com/jpbempel)) - 💡 Add process tags to dynamic instrumentation intake payload ([#8779](DataDog/dd-trace-java#8779) - [@amarziali](https://github.com/amarziali)) #### GraalVM native-image - ✨ Add support for GraalVM Native GC metrics ([#8913](DataDog/dd-trace-java#8913) - [@ygree](https://github.com/ygree)) - ✨ Add JMXFetch support for GraalVM Native ([#8569](DataDog/dd-trace-java#8569) - [@ygree](https://github.com/ygree)) #### JMX fetch - ✨ Add support for GraalVM Native GC metrics ([#8913](DataDog/dd-trace-java#8913) - [@ygree](https://github.com/ygree)) #### Library Injection - ✨ Deny oracle db jvm based tools ([#8909](DataDog/dd-trace-java#8909) - [@bric3](https://github.com/bric3)) #### OpenTracing - 🐛 Fix OT packaging for exception replay ([#8912](DataDog/dd-trace-java#8912) - [@jpbempel](https://github.com/jpbempel)) #### Profiling - ✨ Bump ddprof to 1.27.0 ([#8893](DataDog/dd-trace-java#8893) - [@jbachorik](https://github.com/jbachorik)) - Properly handle the adaptive sampling interval overflow by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#213 - Fix [#200](DataDog/dd-trace-java#200) Crash related to aligned\_alloc and free in context by [@yanglong1010](https://github.com/yanglong1010) in DataDog/java-profiler#208 - Explicitly initialize empty context page by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#210 - Re-connect crash recursion protection with VM stackwalker by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#214 - ✨ Enable ZSTD compression for profiling ([#8862](DataDog/dd-trace-java#8862) - [@MattAlp](https://github.com/MattAlp)) - ✨ Extend JPS re-implementation to J9 family ([#8813](DataDog/dd-trace-java#8813) - [@MattAlp](https://github.com/MattAlp)) - 💡 Collect process tags for profiling upload requests ([#8780](DataDog/dd-trace-java#8780) - [@amarziali](https://github.com/amarziali)) #### Telemetry - 💡 Surface process tags on telemetry payloads ([#8837](DataDog/dd-trace-java#8837) - [@amarziali](https://github.com/amarziali)) #### Trace context propagation - ✨ Migrating all HttpClient Instrumentations to Inject Full Context ([#8826](DataDog/dd-trace-java#8826) - [@mhlidd](https://github.com/mhlidd)) - ✨ Migrating all HttpServer Instrumentations to Extract full Context ([#8820](DataDog/dd-trace-java#8820) - [@mhlidd](https://github.com/mhlidd)) - ✨ Add context API support OTel propagators ([#8770](DataDog/dd-trace-java#8770) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Tracer core - ✨⚡ Skip JAXB generated classes classloader ([#9003](DataDog/dd-trace-java#9003) - [@bric3](https://github.com/bric3)) - ✨ Add DD\_RUNTIME\_METRICS\_RUNTIME\_ID\_ENABLED alias for runtime id generation ([#8981](DataDog/dd-trace-java#8981) - [@amarziali](https://github.com/amarziali)) - 🐛 Use resolved address for peer.hostname when available without hitting the cache ([#8915](DataDog/dd-trace-java#8915) - [@amarziali](https://github.com/amarziali)) - 💡 Surface server name process tag for tomcat ([#8894](DataDog/dd-trace-java#8894) - [@amarziali](https://github.com/amarziali)) - 💡 Surface websphere cell and server name on process tags ([#8880](DataDog/dd-trace-java#8880) - [@amarziali](https://github.com/amarziali)) - ✨ Added special lightweight pre-main class that skips installation on incompatible JVMs. ([#8855](DataDog/dd-trace-java#8855) - [@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD)) - 💡 Add entrypoint type to process tags ([#8839](DataDog/dd-trace-java#8839) - [@amarziali](https://github.com/amarziali)) - ✨ Extend JPS re-implementation to J9 family ([#8813](DataDog/dd-trace-java#8813) - [@MattAlp](https://github.com/MattAlp)) - ✨ Notify listeners when the scope top changes after switching scope stacks ([#8797](DataDog/dd-trace-java#8797) - [@mcculls](https://github.com/mcculls)) - ✨ Read hsperfdata for Java PIDs if jvmstat is unavailable ([#8792](DataDog/dd-trace-java#8792) - [@MattAlp](https://github.com/MattAlp)) - 🐛 Turn JDK socket support on by default ([#8752](DataDog/dd-trace-java#8752) - [@sarahchen6](https://github.com/sarahchen6)) - ✨ Simplify context propagation ([#8719](DataDog/dd-trace-java#8719) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Add JSON parsing support ([#8579](DataDog/dd-trace-java#8579) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Tracer internal logging - ✨ Fix printing format of span identifiers ([#8897](DataDog/dd-trace-java#8897) - [@vandonr](https://github.com/vandonr)) #### Tracer public API - 💡 Track the source of installation ([#8956](DataDog/dd-trace-java#8956) - [@mabdinur](https://github.com/mabdinur)) - ✨ Enforce size limit on application\_monitoring.yaml files ([#8789](DataDog/dd-trace-java#8789) - [@mtoffl01](https://github.com/mtoffl01)) - ✨ Enabling baggage cache to support limits and non-ascii characters ([#8713](DataDog/dd-trace-java#8713) - [@mhlidd](https://github.com/mhlidd)) ### Instrumentations #### AWS Lambda instrumentation - ✨ Pass Lambda Request ID to Extension ([#8814](DataDog/dd-trace-java#8814) - [@nhulston](https://github.com/nhulston)) #### Core Java language instrumentation - ✨ Ensure ClassloadingInstrumentation is always applied even with `DD_TRACE_ENABLED=false` ([#8863](DataDog/dd-trace-java#8863) - [@mcculls](https://github.com/mcculls)) #### Eclipse Vert.x instrumentation - 🐛 Do not override route with / in vertx instrumentation ([#8881](DataDog/dd-trace-java#8881) - [@vandonr](https://github.com/vandonr)) #### IBM Liberty - 🐛 Fix error mark on http status for IBM liberty ([#8822](DataDog/dd-trace-java#8822) - [@amarziali](https://github.com/amarziali)) #### JDBC instrumentation - 🐛 Do not prepend DBM <> APM trace comment in SQLCommenter if there is a pg plan hint ([#8864](DataDog/dd-trace-java#8864) - [@edengorevoy](https://github.com/edengorevoy)) #### JMS instrumentation - ✨ Add jms as an extra integration name where there is JMS involved ([#8933](DataDog/dd-trace-java#8933) - [@vandonr](https://github.com/vandonr)) #### Kotlin instrumentation - ✨ Enable kotlin\_coroutine integration by default ([#8848](DataDog/dd-trace-java#8848) - [@mcculls](https://github.com/mcculls)) - 🧹 Rework Kotlin coroutines instrumentation around coroutine context ([#8774](DataDog/dd-trace-java#8774) - [@mcculls](https://github.com/mcculls)) #### OpenTelemetry instrumentation - 🐛 Support WithSpan inheritContext attribute ([#8858](DataDog/dd-trace-java#8858) - [@amarziali](https://github.com/amarziali)) - ✨ Add context API support OTel propagators ([#8770](DataDog/dd-trace-java#8770) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Play Framework instrumentation - 🐛 Fix the Play Framework's span resource name priority so that the client JAX-RS 404 cannot override it ([#8591](DataDog/dd-trace-java#8591) - [@ygree](https://github.com/ygree)) #### Quarkus Instrumentation - 🐛 Ignore quarkus jaxrs stubs and cdi wrapper proxies ([#8891](DataDog/dd-trace-java#8891) - [@amarziali](https://github.com/amarziali)) #### ServiceTalk - ✨ Improve ServiceTalk Captured Context API Instrumentation for v0.42.56+ ([#8821](DataDog/dd-trace-java#8821) - [@ygree](https://github.com/ygree)) #### Spring instrumentation - ✨ Supporting Baggage for Instrumentations used in Weblog Tests ([#8773](DataDog/dd-trace-java#8773) - [@mhlidd](https://github.com/mhlidd)) #### WebSocket Instrumentation - 💡 Trace websocket for spring webflux reactive handlers ([#8831](DataDog/dd-trace-java#8831) - [@amarziali](https://github.com/amarziali)) - 💡:test\_tube: WebSocket support for Netty ([#8632](DataDog/dd-trace-java#8632) - [@ValentinZakharov](https://github.com/ValentinZakharov)) #### Zio Instrumentation - 🧹 Cleanup Zio fiber instrumentation to avoid repeated activation of continuation ([#8798](DataDog/dd-trace-java#8798) - [@mcculls](https://github.com/mcculls)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 9207366cdb6a1bd098082305d354a0a3c4622d7a

Added special lightweight pre-main class to enable SSI inject for Jav…

5e9b6ba

…a 6.

AlexeyKuznetsov-DD added type: enhancement comp: core Tracer core labels May 20, 2025

Fixed SuppressForbidden test.

c40db79

PerfectSlayer reviewed May 21, 2025

View reviewed changes

dd-java-agent/build.gradle Show resolved Hide resolved