Introduce environment component #9071

Merged
merged 1 commit into from
Jul 3, 2025

@PerfectSlayer PerfectSlayer commented Jul 1, 2025

What Does This Do

This PR introduces a new platform component dedicated to the interactions with the underlying OS and JVM.

Motivation

The goal is to gather a collection of helpers related to environment queries as a consistent and tested API.
So far, the environment API provides:

  • Safe environment variable access (security manager handling, default values)
  • Safe system properties access (security manager handling, default values)
  • JVM information:
    • Version
    • Vendor
    • VM options
    • MainClass or jar file
    • Command arguments
  • OS detection:
    • Linux / Windows / MacOS
    • arch64
    • musl

JVM information will now take into account:

Additional Notes

The JVM argument --disable-@files is not supported. It is supposed to work since Java 9 but was only fixed in some Java 20 update for some vendors. It does not seem to be used at all.

This PR is the first of many stacked PRs to come.

Contributor Checklist

Jira ticket: LANGPLAT-458

@PerfectSlayer PerfectSlayer added the type: enhancement and comp: platform labels Jul 1, 2025
@PerfectSlayer PerfectSlayer force-pushed the bbujon/environment-step1 branch from 7b74889 to c835b69 Compare July 1, 2025 04:24
@PerfectSlayer PerfectSlayer marked this pull request as ready for review July 1, 2025 04:24
@PerfectSlayer PerfectSlayer requested review from a team as code owners July 1, 2025 04:24
@PerfectSlayer PerfectSlayer requested review from dougqh and removed request for a team July 1, 2025 04:24
pr-commenter bot commented Jul 1, 2025

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | bbujon/environment-step1 |
| git_commit_date | 1751437988 | 1751448575 |
| git_commit_sha | 40561cd | a96389e |
| release_version | 1.51.0-SNAPSHOT~40561cd093 | 1.51.0-SNAPSHOT~a96389ec94 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1751450376 | 1751450376 |
| ci_job_id | 1009307289 | 1009307289 |
| ci_pipeline_id | 69403387 | 69403387 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-3oh8--wc-project-304-concurrent-0-8wdvub18 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-3oh8--wc-project-304-concurrent-0-8wdvub18 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 6 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 997.731 ms | - |
| Agent | iast | 1.14 s | 141.838 ms (14.2%) |
| Total | tracing | 8.577 s | - |
| Total | iast | 9.297 s | 720.608 ms (8.4%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 997.898 ms | - |
| Agent | iast | 1.134 s | 135.711 ms (13.6%) |
| Total | tracing | 8.577 s | - |
| Total | iast | 9.295 s | 717.832 ms (8.4%) |

insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 688.966 ms | 688.983 ms |
| tracing | GlobalTracer | 242.723 ms | 242.816 ms |
| tracing | AppSec | 30.378 ms | 30.319 ms |
| tracing | Debugger | 6.053 ms | 6.032 ms |
| tracing | Remote Config | 679.41 µs | 678.654 µs |
| tracing | Telemetry | 8.193 ms | 8.275 ms |
| iast | BytebuddyAgent | 814.059 ms | 809.596 ms |
| iast | GlobalTracer | 234.388 ms | 233.656 ms |
| iast | IAST | 28.114 ms | 28.56 ms |
| iast | AppSec | 27.772 ms | 26.721 ms |
| iast | Debugger | 5.857 ms | 5.791 ms |
| iast | Remote Config | 581.791 µs | 574.361 µs |
| iast | Telemetry | 7.967 ms | 7.92 ms |

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 997.797 ms | - |
| Agent | appsec | 1.185 s | 186.847 ms (18.7%) |
| Agent | iast | 1.136 s | 138.341 ms (13.9%) |
| Agent | profiling | 1.246 s | 247.942 ms (24.8%) |
| Total | tracing | 10.64 s | - |
| Total | appsec | 10.811 s | 170.421 ms (1.6%) |
| Total | iast | 10.857 s | 216.56 ms (2.0%) |
| Total | profiling | 10.977 s | 336.939 ms (3.2%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.004 s | - |
| Agent | appsec | 1.175 s | 170.495 ms (17.0%) |
| Agent | iast | 1.133 s | 129.445 ms (12.9%) |
| Agent | profiling | 1.246 s | 242.401 ms (24.1%) |
| Total | tracing | 10.617 s | - |
| Total | appsec | 10.694 s | 76.68 ms (0.7%) |
| Total | iast | 10.859 s | 241.942 ms (2.3%) |
| Total | profiling | 11.027 s | 409.564 ms (3.9%) |

petclinic - break down per module: candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 689.011 ms | 693.473 ms |
| tracing | GlobalTracer | 242.859 ms | 244.157 ms |
| tracing | AppSec | 30.25 ms | 30.406 ms |
| tracing | Debugger | 6.028 ms | 6.045 ms |
| tracing | Remote Config | 675.447 µs | 683.054 µs |
| tracing | Telemetry | 8.22 ms | 8.251 ms |
| appsec | BytebuddyAgent | 717.448 ms | 710.518 ms |
| appsec | GlobalTracer | 237.798 ms | 235.788 ms |
| appsec | AppSec | 171.599 ms | 170.898 ms |
| appsec | Debugger | 5.785 ms | 5.81 ms |
| appsec | Remote Config | 609.646 µs | 612.566 µs |
| appsec | Telemetry | 8.095 ms | 8.102 ms |
| appsec | IAST | 22.378 ms | 21.996 ms |
| iast | BytebuddyAgent | 812.289 ms | 809.013 ms |
| iast | GlobalTracer | 232.907 ms | 233.417 ms |
| iast | AppSec | 27.606 ms | 28.554 ms |
| iast | Debugger | 5.849 ms | 5.847 ms |
| iast | Remote Config | 575.991 µs | 589.282 µs |
| iast | Telemetry | 7.964 ms | 8.04 ms |
| iast | IAST | 28.04 ms | 27.151 ms |
| profiling | ProfilingAgent | 103.15 ms | 102.824 ms |
| profiling | BytebuddyAgent | 678.479 ms | 679.631 ms |
| profiling | GlobalTracer | 362.387 ms | 362.155 ms |
| profiling | AppSec | 30.923 ms | 30.866 ms |
| profiling | Debugger | 12.823 ms | 10.674 ms |
| profiling | Remote Config | 660.886 µs | 693.105 µs |
| profiling | Telemetry | 8.716 ms | 10.242 ms |
| profiling | Profiling | 103.174 ms | 102.849 ms |

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | bbujon/environment-step1 |
| git_commit_date | 1751437988 | 1751448575 |
| git_commit_sha | 40561cd | a96389e |
| release_version | 1.51.0-SNAPSHOT~40561cd093 | 1.51.0-SNAPSHOT~a96389ec94 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1751450054 | 1751450054 |
| ci_job_id | 1009307290 | 1009307290 |
| ci_pipeline_id | 69403387 | 69403387 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-3oh8:wc-project-304-concurrent-1-lwgaaoiv 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-3oh8:wc-project-304-concurrent-1-lwgaaoiv 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 2 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:petclinic:iast:high_load | better [-2.788ms; -1.948ms] or [-6.039%; -4.220%] | unstable [-2.211op/s; +13.111op/s] or [-2.181%; +12.935%] | 43.803ms | 106.812op/s | 46.171ms | 101.362op/s |
| scenario:load:petclinic:no_agent:high_load | better [-2.117ms; -1.492ms] or [-5.618%; -3.960%] | unstable [-3.028op/s; +15.328op/s] or [-2.439%; +12.346%] | 35.878ms | 130.300op/s | 37.683ms | 124.150op/s |

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 37.683 ms [37.387 ms, 37.979 ms] | - |
| appsec | 47.725 ms [47.295 ms, 48.155 ms] | 10.042 ms (26.6%) |
| code_origins | 44.86 ms [44.476 ms, 45.245 ms] | 7.178 ms (19.0%) |
| iast | 46.171 ms [45.778 ms, 46.564 ms] | 8.488 ms (22.5%) |
| profiling | 49.153 ms [48.672 ms, 49.634 ms] | 11.47 ms (30.4%) |
| tracing | 45.312 ms [44.936 ms, 45.688 ms] | 7.629 ms (20.2%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 35.878 ms [35.594 ms, 36.163 ms] | - |
| appsec | 47.953 ms [47.528 ms, 48.379 ms] | 12.075 ms (33.7%) |
| code_origins | 44.785 ms [44.376 ms, 45.193 ms] | 8.906 ms (24.8%) |
| iast | 43.803 ms [43.415 ms, 44.19 ms] | 7.924 ms (22.1%) |
| profiling | 47.989 ms [47.526 ms, 48.452 ms] | 12.111 ms (33.8%) |
| tracing | 45.21 ms [44.823 ms, 45.597 ms] | 9.332 ms (26.0%) |

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.433 ms [4.383 ms, 4.482 ms] | - |
| iast | 9.032 ms [8.885 ms, 9.179 ms] | 4.599 ms (103.8%) |
| iast_FULL | 14.242 ms [13.959 ms, 14.524 ms] | 9.809 ms (221.3%) |
| iast_GLOBAL | 10.092 ms [9.909 ms, 10.275 ms] | 5.659 ms (127.7%) |
| profiling | 8.911 ms [8.772 ms, 9.049 ms] | 4.478 ms (101.0%) |
| tracing | 7.576 ms [7.472 ms, 7.681 ms] | 3.144 ms (70.9%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.359 ms [4.309 ms, 4.408 ms] | - |
| iast | 9.198 ms [9.051 ms, 9.345 ms] | 4.839 ms (111.0%) |
| iast_FULL | 13.878 ms [13.601 ms, 14.155 ms] | 9.519 ms (218.4%) |
| iast_GLOBAL | 10.089 ms [9.905 ms, 10.273 ms] | 5.731 ms (131.5%) |
| profiling | 8.625 ms [8.49 ms, 8.76 ms] | 4.266 ms (97.9%) |
| tracing | 7.604 ms [7.489 ms, 7.718 ms] | 3.245 ms (74.4%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | bbujon/environment-step1 |
| git_commit_date | 1751437988 | 1751448575 |
| git_commit_sha | 40561cd | a96389e |
| release_version | 1.51.0-SNAPSHOT~40561cd093 | 1.51.0-SNAPSHOT~a96389ec94 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1751450624 | 1751450624 |
| ci_job_id | 1009307291 | 1009307291 |
| ci_pipeline_id | 69403387 | 69403387 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-3m8ntkv1-project-304-concurrent-0-1v0ns1cs 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-3m8ntkv1-project-304-concurrent-0-1v0ns1cs 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.476 ms [1.464 ms, 1.488 ms] | - |
| appsec | 2.415 ms [2.366 ms, 2.465 ms] | 939.509 µs (63.7%) |
| iast | 2.201 ms [2.138 ms, 2.263 ms] | 724.775 µs (49.1%) |
| iast_GLOBAL | 2.249 ms [2.186 ms, 2.312 ms] | 772.859 µs (52.4%) |
| profiling | 2.052 ms [2.001 ms, 2.103 ms] | 576.142 µs (39.0%) |
| tracing | 2.023 ms [1.975 ms, 2.072 ms] | 547.259 µs (37.1%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.476 ms [1.464 ms, 1.487 ms] | - |
| appsec | 2.408 ms [2.358 ms, 2.457 ms] | 931.611 µs (63.1%) |
| iast | 2.198 ms [2.136 ms, 2.261 ms] | 722.489 µs (49.0%) |
| iast_GLOBAL | 2.237 ms [2.174 ms, 2.299 ms] | 760.898 µs (51.6%) |
| profiling | 2.054 ms [2.002 ms, 2.105 ms] | 577.761 µs (39.1%) |
| tracing | 2.013 ms [1.965 ms, 2.062 ms] | 537.521 µs (36.4%) |

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~a96389ec94, baseline=1.51.0-SNAPSHOT~40561cd093]

  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.897 s [14.897 s, 14.897 s] | - |
| appsec | 14.774 s [14.774 s, 14.774 s] | -123.0 ms (-0.8%) |
| iast | 18.418 s [18.418 s, 18.418 s] | 3.521 s (23.6%) |
| iast_GLOBAL | 17.881 s [17.881 s, 17.881 s] | 2.984 s (20.0%) |
| profiling | 15.248 s [15.248 s, 15.248 s] | 351.0 ms (2.4%) |
| tracing | 15.018 s [15.018 s, 15.018 s] | 121.0 ms (0.8%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.655 s [15.655 s, 15.655 s] | - |
| appsec | 14.966 s [14.966 s, 14.966 s] | -689.0 ms (-4.4%) |
| iast | 18.574 s [18.574 s, 18.574 s] | 2.919 s (18.6%) |
| iast_GLOBAL | 17.822 s [17.822 s, 17.822 s] | 2.167 s (13.8%) |
| profiling | 15.914 s [15.914 s, 15.914 s] | 259.0 ms (1.7%) |
| tracing | 14.813 s [14.813 s, 14.813 s] | -842.0 ms (-5.4%) |

@PerfectSlayer PerfectSlayer force-pushed the bbujon/environment-step1 branch 2 times, most recently from c3f935d to fa4ca74 Compare July 1, 2025 14:28
@SuppressForbidden // split on single-character uses fast path
private List<String> findFullCommand() {
String command = SystemProperties.getOrDefault(SUN_JAVA_COMMAND_PROPERTY, "").trim();
return command.isEmpty() ? emptyList() : Arrays.asList(command.split(" "));
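
Review bot: `command.split(" ")` in `findFullCommand()` also splits inside a main class path, jar path or argument that itself contains a space, so callers cannot rely on element 0 being the jar file or on the remaining elements matching the program's arguments. The property is a single pre-joined string, so state in the method's Javadoc that the returned boundaries are best-effort, and keep the raw property value reachable for callers that need to log or compare the command exactly.
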
Contributor

Will this work if args have spaces?

Contributor

Full command might be problematic to parse properly. I'm thinking about Windows in particular.

```
/ # cat Cmd.java
public class Cmd {
    public static void main(String... args) {
        System.out.println(System.getProperty("sun.java.command"));
    }
}
/ # java Cmd.java "foo bar"
jdk.compiler/com.sun.tools.javac.launcher.Main Cmd.java foo bar

...

/ # java -jar /tmp/foo\ bar/cmd.jar "foo bar"
/tmp/foo bar/cmd.jar foo bar
```

Contributor Author

I don't think that would work well. But that is the current behavior:

```java
public ProcessInfo() {
  // Besides "sun.java.command" property is not an standard, all main JDKs has set this
  // property.
  // Tested on:
  // - OracleJDK, OpenJDK, AdoptOpenJDK, IBM JDK, Azul Zulu JDK, Amazon Coretto JDK
  final String command = System.getProperty("sun.java.command");
  if (command == null || command.isEmpty()) {
    return;
  }
  final String[] split = command.trim().split(" ");
  if (split.length == 0 || split[0].isEmpty()) {
    return;
  }
  final String candidate = split[0];
  if (candidate.toLowerCase(Locale.ROOT).endsWith(".jar")) {
    jarFile = new File(candidate);
  } else {
    mainClass = candidate;
  }
}
```

So far, I would be in favor to keep it as is, document the limitation, and revisit it later when I will finally have time to do LP work (this dev is mostly based on R&D week and overnight time). WDYT?

Contributor

Yes OK.

Eventually this can be a good call as a future improvement to leverage ProcessHandle when the JVM is at least Java 9.
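
The `ProcessHandle` follow-up suggested in the thread above could look like the sketch below. It is an added example, not code from this PR or from dd-trace-java, and it goes one step beyond the thread by matching the OS-reported argv against `sun.java.command` to recover argument boundaries. `CommandLineProbe` and its method names are hypothetical; the code assumes Java 9+ and that the launcher joins the main class or jar and the arguments with single spaces.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * Added illustration, not dd-trace-java code. CommandLineProbe and its method
 * names are hypothetical. Requires Java 9+ (ProcessHandle).
 */
public final class CommandLineProbe {

  /** The behaviour under review: split the joined property on single spaces. */
  static List<String> splitOnSpaces(String sunJavaCommand) {
    String command = sunJavaCommand == null ? "" : sunJavaCommand.trim();
    return command.isEmpty() ? Collections.emptyList() : Arrays.asList(command.split(" "));
  }

  /**
   * Recovers the real boundaries by locating the suffix of the process argv whose
   * space-joined form equals sun.java.command. Assumption: the launcher builds the
   * property as "<main class or jar> <arg> <arg> ..." joined with single spaces,
   * which matches the output shown in the thread. At most one suffix can match,
   * because every suffix joins to a different length.
   *
   * @return main class or jar followed by the program arguments, or an empty list
   *     when no suffix matches (for example in source-file launcher mode)
   */
  static List<String> alignWithArgv(String sunJavaCommand, List<String> argv) {
    if (sunJavaCommand == null || sunJavaCommand.isEmpty()) {
      return Collections.emptyList();
    }
    for (int start = 0; start < argv.size(); start++) {
      List<String> suffix = argv.subList(start, argv.size());
      if (String.join(" ", suffix).equals(sunJavaCommand)) {
        return new ArrayList<>(suffix);
      }
    }
    return Collections.emptyList();
  }

  /** argv of this JVM as the OS reports it; empty when unavailable or denied. */
  static List<String> currentArgv() {
    try {
      String[] raw = ProcessHandle.current().info().arguments().orElse(new String[0]);
      return Arrays.asList(raw);
    } catch (SecurityException | UnsupportedOperationException e) {
      // A security manager denied the lookup, or the platform has no support.
      return Collections.emptyList();
    }
  }

  /** Prefers the aligned boundaries and falls back to the space split. */
  static List<String> fullCommand(String sunJavaCommand, List<String> argv) {
    List<String> aligned = alignWithArgv(sunJavaCommand, argv);
    return aligned.isEmpty() ? splitOnSpaces(sunJavaCommand) : aligned;
  }

  public static void main(String[] args) {
    // Constructed sample mirroring the thread: java -jar "/tmp/foo bar/cmd.jar" "foo bar"
    String property = "/tmp/foo bar/cmd.jar foo bar";
    List<String> argv = Arrays.asList("-jar", "/tmp/foo bar/cmd.jar", "foo bar");
    System.out.println("split:   " + splitOnSpaces(property));
    System.out.println("aligned: " + fullCommand(property, argv));

    // Source-file launcher sample from the thread: no suffix matches, so fall back.
    String launcher = "jdk.compiler/com.sun.tools.javac.launcher.Main Cmd.java foo bar";
    System.out.println("launcher: " + fullCommand(launcher, Arrays.asList("Cmd.java", "foo bar")));

    // The running JVM.
    System.out.println("current: "
        + fullCommand(System.getProperty("sun.java.command"), currentArgv()));
  }
}
```

`ProcessHandle.Info.arguments()` can be empty on some platforms, in which case the result is the same best-effort split as before.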

@PerfectSlayer PerfectSlayer force-pushed the bbujon/environment-step1 branch from fa4ca74 to cf7e701 Compare July 1, 2025 15:52
@PerfectSlayer PerfectSlayer force-pushed the bbujon/environment-step1 branch from cf7e701 to c99f499 Compare July 2, 2025 07:19
@PerfectSlayer PerfectSlayer force-pushed the bbujon/environment-step1 branch from c99f499 to a96389e Compare July 2, 2025 09:30
@PerfectSlayer PerfectSlayer requested review from bric3 and amarziali July 2, 2025 15:59
Comment on lines +81 to +103
// Try Oracle-based
// IBM Semeru Runtime 1.8.0_345-b01 will throw UnsatisfiedLinkError here.
try {
final Class<?> managementFactoryHelperClass =
Class.forName("sun.management.ManagementFactoryHelper");
final Class<?> vmManagementClass = Class.forName("sun.management.VMManagement");

Object vmManagement;
try {
vmManagement =
managementFactoryHelperClass.getDeclaredMethod("getVMManagement").invoke(null);
} catch (final Throwable e) {
// Older vm before getVMManagement() existed
final Field field = managementFactoryHelperClass.getDeclaredField("jvm");
field.setAccessible(true);
vmManagement = field.get(null);
field.setAccessible(false);
}
//noinspection unchecked
return (List<String>) vmManagementClass.getMethod("getVmArguments").invoke(vmManagement);
} catch (final Throwable ignored) {
// Ignored exception
}
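
Review bot: in the fallback for older VMs, `field.setAccessible(false)` is skipped when `field.get(null)` throws, and both `catch (final Throwable ...)` blocks swallow every error, including ones unrelated to a missing class or method, with nothing logged. Wrap the read in try/finally so accessibility is always restored, and narrow the catches to the failures this probe expects (`ReflectiveOperationException`, `RuntimeException`, and `LinkageError` to keep covering the `UnsatisfiedLinkError` named in the comment), logging at debug level so a failed detection path can be diagnosed.
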
Contributor

Would it make sense to do a simpler check like `if (JavaVirtualMachine.isOracle()) { ... }`?

Same for IBM

Contributor Author

I think the idea is to try it even if the system properties do not match so you get a chance to capture the data whenever it's available and improve the detection overall. But you would have to ask the original implementer if you would like the reasoning behind.

@PerfectSlayer PerfectSlayer merged commit 036f8f1 into master Jul 3, 2025
509 of 511 checks passed
@PerfectSlayer PerfectSlayer deleted the bbujon/environment-step1 branch July 3, 2025 05:33
@github-actions github-actions bot added this to the 1.51.0 milestone Jul 3, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
|
[com.google.errorprone:error_prone_annotations](https://errorprone.info)
([source](https://github.com/google/error-prone)) | dependencies |
misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
|
[org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/)
([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) |
dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.17.0` -> `3.18.0` |
|
[org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator)
| plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` ->
`0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

###
[`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0):
Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the
Central Publisher
Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog:
google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator
(org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

###
[`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare
Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB
dump validation
\[[#&#8203;304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#&#8203;306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0):
1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site
([#&#8203;9083](DataDog/dd-trace-java#9083) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST
vulnerabilities
([#&#8203;9028](DataDog/dd-trace-java#9028) -
[@&#8203;jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass
([#&#8203;8984](DataDog/dd-trace-java#8984) -
[@&#8203;smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection
([#&#8203;8885](DataDog/dd-trace-java#8885) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0
([#&#8203;9022](DataDog/dd-trace-java#9022) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas
([#&#8203;9015](DataDog/dd-trace-java#9015) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas
([#&#8203;9014](DataDog/dd-trace-java#9014) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas
([#&#8203;9013](DataDog/dd-trace-java#9013) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading
([#&#8203;9009](DataDog/dd-trace-java#9009) -
[@&#8203;smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas
([#&#8203;9001](DataDog/dd-trace-java#9001) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas
([#&#8203;8995](DataDog/dd-trace-java#8995) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema
extraction
([#&#8203;8980](DataDog/dd-trace-java#8980) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas
([#&#8203;8938](DataDog/dd-trace-java#8938) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update
([#&#8203;8937](DataDog/dd-trace-java#8937) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push
([#&#8203;9023](DataDog/dd-trace-java#9023) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal
([#&#8203;8807](DataDog/dd-trace-java#8807) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24
([#&#8203;9114](DataDog/dd-trace-java#9114) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation
([#&#8203;9033](DataDog/dd-trace-java#9033) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building
([#&#8203;8990](DataDog/dd-trace-java#8990) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic
([#&#8203;8923](DataDog/dd-trace-java#8923) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection
([#&#8203;8776](DataDog/dd-trace-java#8776) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block
([#&#8203;9025](DataDog/dd-trace-java#9025) -
[@&#8203;natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option
([#9115](DataDog/dd-trace-java#9115) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support
([#9111](DataDog/dd-trace-java#9111) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format
([#9047](DataDog/dd-trace-java#9047) -
[@jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting
([#9034](DataDog/dd-trace-java#9034) -
[@jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval
([#8959](DataDog/dd-trace-java#8959) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation
([#8940](DataDog/dd-trace-java#8940) -
[@jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang),
[@nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not
available at bootstrap
([#9082](DataDog/dd-trace-java#9082) -
[@amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors
([#8394](DataDog/dd-trace-java#8394) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component
([#9071](DataDog/dd-trace-java#9071) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing
([#9119](DataDog/dd-trace-java#9119) -
[@jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF
([#8988](DataDog/dd-trace-java#8988) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers
([#9110](DataDog/dd-trace-java#9110) -
[@PerfectSlayer](https://github.com/PerfectSlayer),
[@amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping
([#9045](DataDog/dd-trace-java#9045) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24)
([#8875](DataDog/dd-trace-java#8875) -
[@sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when
`TracePropagationBehaviorExtract=IGNORE`
([#9037](DataDog/dd-trace-java#9037) -
[@mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper
([#9032](DataDog/dd-trace-java#9032) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors
([#9097](DataDog/dd-trace-java#9097) -
[@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling
for Http Response headers
([#9067](DataDog/dd-trace-java#9067) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations
([#9019](DataDog/dd-trace-java#9019) -
[@mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas
([#9001](DataDog/dd-trace-java#9001) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x
([#8952](DataDog/dd-trace-java#8952) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default
([#9030](DataDog/dd-trace-java#9030) -
[@bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas
([#9014](DataDog/dd-trace-java#9014) -
[@jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active
([#9016](DataDog/dd-trace-java#9016) -
[@amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas
([#8995](DataDog/dd-trace-java#8995) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas
([#9013](DataDog/dd-trace-java#9013) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas
([#8938](DataDog/dd-trace-java#8938) -
[@sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e
Labels
comp: platform Platform components type: enhancement Enhancements and improvements