Add support for session tracking in Vertx #8167

Merged
merged 1 commit into from
Jan 14, 2025

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Jan 8, 2025

What Does This Do

Adds support for session tracking in vert.x 3.x and 4.x

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-56332

@manuel-alvarez-alvarez manuel-alvarez-alvarez added comp: asm waf Application Security Management (WAF) inst: vertx Eclipse Vert.x instrumentation labels Jan 8, 2025

pr-commenter bot commented Jan 8, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/waf-vertx-session |
| git_commit_date | 1736835932 | 1736844948 |
| git_commit_sha | 866fc61 | 8dc5857 |
| release_version | 1.46.0-SNAPSHOT~866fc61571 | 1.46.0-SNAPSHOT~8dc5857982 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1736847466 | 1736847466 |
| ci_job_id | 765034078 | 765034078 |
| ci_pipeline_id | 52906607 | 52906607 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 3 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.056 s) : 0, 1056294
Total [baseline] (8.683 s) : 0, 8682948
Agent [candidate] (1.068 s) : 0, 1068186
Total [candidate] (8.673 s) : 0, 8673413
section iast
Agent [baseline] (1.182 s) : 0, 1181959
Total [baseline] (9.218 s) : 0, 9218359
Agent [candidate] (1.184 s) : 0, 1184167
Total [candidate] (9.31 s) : 0, 9309908
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.189 s) : 0, 1188822
Total [baseline] (9.199 s) : 0, 9198648
Agent [candidate] (1.197 s) : 0, 1196982
Total [candidate] (9.212 s) : 0, 9211781
section iast_TELEMETRY_OFF
Agent [baseline] (1.188 s) : 0, 1187708
Total [baseline] (9.213 s) : 0, 9212796
Agent [candidate] (1.183 s) : 0, 1182687
Total [candidate] (9.247 s) : 0, 9247222
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.056 s | - |
| Agent | iast | 1.182 s | 125.665 ms (11.9%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.189 s | 132.528 ms (12.5%) |
| Agent | iast_TELEMETRY_OFF | 1.188 s | 131.415 ms (12.4%) |
| Total | tracing | 8.683 s | - |
| Total | iast | 9.218 s | 535.411 ms (6.2%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.199 s | 515.7 ms (5.9%) |
| Total | iast_TELEMETRY_OFF | 9.213 s | 529.848 ms (6.1%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.068 s | - |
| Agent | iast | 1.184 s | 115.98 ms (10.9%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.197 s | 128.796 ms (12.1%) |
| Agent | iast_TELEMETRY_OFF | 1.183 s | 114.501 ms (10.7%) |
| Total | tracing | 8.673 s | - |
| Total | iast | 9.31 s | 636.495 ms (7.3%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.212 s | 538.369 ms (6.2%) |
| Total | iast_TELEMETRY_OFF | 9.247 s | 573.809 ms (6.6%) |
gantt
    title insecure-bank - break down per module: candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.744 ms) : 0, 714744
BytebuddyAgent [candidate] (723.755 ms) : 0, 723755
GlobalTracer [baseline] (256.405 ms) : 0, 256405
GlobalTracer [candidate] (259.346 ms) : 0, 259346
AppSec [baseline] (56.399 ms) : 0, 56399
AppSec [candidate] (56.57 ms) : 0, 56570
Remote Config [baseline] (733.599 µs) : 0, 734
Remote Config [candidate] (742.496 µs) : 0, 742
Telemetry [baseline] (12.989 ms) : 0, 12989
Telemetry [candidate] (12.61 ms) : 0, 12610
section iast
BytebuddyAgent [baseline] (831.308 ms) : 0, 831308
BytebuddyAgent [candidate] (832.552 ms) : 0, 832552
GlobalTracer [baseline] (246.627 ms) : 0, 246627
GlobalTracer [candidate] (247.153 ms) : 0, 247153
AppSec [baseline] (58.266 ms) : 0, 58266
AppSec [candidate] (58.328 ms) : 0, 58328
IAST [baseline] (21.335 ms) : 0, 21335
IAST [candidate] (21.464 ms) : 0, 21464
Remote Config [baseline] (674.377 µs) : 0, 674
Remote Config [candidate] (683.716 µs) : 0, 684
Telemetry [baseline] (8.759 ms) : 0, 8759
Telemetry [candidate] (8.89 ms) : 0, 8890
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (836.321 ms) : 0, 836321
BytebuddyAgent [candidate] (841.91 ms) : 0, 841910
GlobalTracer [baseline] (248.229 ms) : 0, 248229
GlobalTracer [candidate] (249.802 ms) : 0, 249802
AppSec [baseline] (58.256 ms) : 0, 58256
AppSec [candidate] (58.728 ms) : 0, 58728
IAST [baseline] (21.469 ms) : 0, 21469
IAST [candidate] (21.726 ms) : 0, 21726
Remote Config [baseline] (704.583 µs) : 0, 705
Remote Config [candidate] (695.562 µs) : 0, 696
Telemetry [baseline] (8.769 ms) : 0, 8769
Telemetry [candidate] (8.913 ms) : 0, 8913
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (835.328 ms) : 0, 835328
BytebuddyAgent [candidate] (831.825 ms) : 0, 831825
GlobalTracer [baseline] (248.662 ms) : 0, 248662
GlobalTracer [candidate] (247.872 ms) : 0, 247872
AppSec [baseline] (58.213 ms) : 0, 58213
AppSec [candidate] (57.868 ms) : 0, 57868
IAST [baseline] (21.024 ms) : 0, 21024
IAST [candidate] (20.686 ms) : 0, 20686
Remote Config [baseline] (665.615 µs) : 0, 666
Remote Config [candidate] (663.328 µs) : 0, 663
Telemetry [baseline] (8.769 ms) : 0, 8769
Telemetry [candidate] (8.663 ms) : 0, 8663
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.058 s) : 0, 1057939
Total [baseline] (10.454 s) : 0, 10453669
Agent [candidate] (1.059 s) : 0, 1058665
Total [candidate] (10.535 s) : 0, 10534666
section appsec
Agent [baseline] (1.194 s) : 0, 1194282
Total [baseline] (10.744 s) : 0, 10743661
Agent [candidate] (1.198 s) : 0, 1198320
Total [candidate] (10.75 s) : 0, 10749594
section iast
Agent [baseline] (1.185 s) : 0, 1185471
Total [baseline] (11.025 s) : 0, 11024913
Agent [candidate] (1.188 s) : 0, 1187828
Total [candidate] (11.075 s) : 0, 11074856
section profiling
Agent [baseline] (1.276 s) : 0, 1276345
Total [baseline] (10.977 s) : 0, 10977020
Agent [candidate] (1.286 s) : 0, 1285673
Total [candidate] (10.979 s) : 0, 10979320
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.058 s | - |
| Agent | appsec | 1.194 s | 136.342 ms (12.9%) |
| Agent | iast | 1.185 s | 127.532 ms (12.1%) |
| Agent | profiling | 1.276 s | 218.406 ms (20.6%) |
| Total | tracing | 10.454 s | - |
| Total | appsec | 10.744 s | 289.992 ms (2.8%) |
| Total | iast | 11.025 s | 571.244 ms (5.5%) |
| Total | profiling | 10.977 s | 523.351 ms (5.0%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.059 s | - |
| Agent | appsec | 1.198 s | 139.654 ms (13.2%) |
| Agent | iast | 1.188 s | 129.163 ms (12.2%) |
| Agent | profiling | 1.286 s | 227.008 ms (21.4%) |
| Total | tracing | 10.535 s | - |
| Total | appsec | 10.75 s | 214.928 ms (2.0%) |
| Total | iast | 11.075 s | 540.191 ms (5.1%) |
| Total | profiling | 10.979 s | 444.654 ms (4.2%) |
gantt
    title petclinic - break down per module: candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.809 ms) : 0, 714809
BytebuddyAgent [candidate] (714.776 ms) : 0, 714776
GlobalTracer [baseline] (256.925 ms) : 0, 256925
GlobalTracer [candidate] (257.02 ms) : 0, 257020
AppSec [baseline] (56.855 ms) : 0, 56855
AppSec [candidate] (56.068 ms) : 0, 56068
Remote Config [baseline] (721.751 µs) : 0, 722
Remote Config [candidate] (723.574 µs) : 0, 724
Telemetry [baseline] (13.649 ms) : 0, 13649
Telemetry [candidate] (15.036 ms) : 0, 15036
section appsec
BytebuddyAgent [baseline] (734.689 ms) : 0, 734689
BytebuddyAgent [candidate] (736.818 ms) : 0, 736818
GlobalTracer [baseline] (254.589 ms) : 0, 254589
GlobalTracer [candidate] (255.384 ms) : 0, 255384
AppSec [baseline] (171.318 ms) : 0, 171318
AppSec [candidate] (172.182 ms) : 0, 172182
IAST [baseline] (19.38 ms) : 0, 19380
IAST [candidate] (19.655 ms) : 0, 19655
Remote Config [baseline] (671.682 µs) : 0, 672
Remote Config [candidate] (677.882 µs) : 0, 678
Telemetry [baseline] (8.239 ms) : 0, 8239
Telemetry [candidate] (8.301 ms) : 0, 8301
section iast
BytebuddyAgent [baseline] (833.95 ms) : 0, 833950
BytebuddyAgent [candidate] (834.274 ms) : 0, 834274
GlobalTracer [baseline] (247.814 ms) : 0, 247814
GlobalTracer [candidate] (249.087 ms) : 0, 249087
AppSec [baseline] (58.046 ms) : 0, 58046
AppSec [candidate] (58.553 ms) : 0, 58553
IAST [baseline] (21.204 ms) : 0, 21204
IAST [candidate] (21.304 ms) : 0, 21304
Remote Config [baseline] (674.016 µs) : 0, 674
Remote Config [candidate] (677.534 µs) : 0, 678
Telemetry [baseline] (8.696 ms) : 0, 8696
Telemetry [candidate] (8.865 ms) : 0, 8865
section profiling
BytebuddyAgent [baseline] (706.263 ms) : 0, 706263
BytebuddyAgent [candidate] (709.468 ms) : 0, 709468
GlobalTracer [baseline] (368.052 ms) : 0, 368052
GlobalTracer [candidate] (371.834 ms) : 0, 371834
AppSec [baseline] (54.157 ms) : 0, 54157
AppSec [candidate] (54.601 ms) : 0, 54601
Remote Config [baseline] (700.448 µs) : 0, 700
Remote Config [candidate] (712.131 µs) : 0, 712
Telemetry [baseline] (8.874 ms) : 0, 8874
Telemetry [candidate] (8.932 ms) : 0, 8932
ProfilingAgent [baseline] (96.094 ms) : 0, 96094
ProfilingAgent [candidate] (97.773 ms) : 0, 97773
Profiling [baseline] (96.118 ms) : 0, 96118
Profiling [candidate] (97.797 ms) : 0, 97797

Load

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2025-01-14T09:08:01 | 2025-01-14T09:15:02 |
| git_branch | master | malvarez/waf-vertx-session |
| git_commit_date | 1736835932 | 1736844948 |
| git_commit_sha | 866fc61 | 8dc5857 |
| release_version | 1.46.0-SNAPSHOT~866fc61571 | 1.46.0-SNAPSHOT~8dc5857982 |
| start_time | 2025-01-14T09:07:48 | 2025-01-14T09:14:48 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1736846455 | 1736846455 |
| ci_job_id | 765034079 | 765034079 |
| ci_pipeline_id | 52906607 | 52906607 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.361 ms) : 1342, 1380
.   : milestone, 1361,
appsec (1.756 ms) : 1732, 1781
.   : milestone, 1756,
appsec_no_iast (1.77 ms) : 1745, 1796
.   : milestone, 1770,
iast (1.509 ms) : 1486, 1532
.   : milestone, 1509,
profiling (1.551 ms) : 1527, 1576
.   : milestone, 1551,
tracing (1.489 ms) : 1464, 1514
.   : milestone, 1489,
section candidate
no_agent (1.365 ms) : 1345, 1385
.   : milestone, 1365,
appsec (1.759 ms) : 1736, 1783
.   : milestone, 1759,
appsec_no_iast (1.776 ms) : 1752, 1800
.   : milestone, 1776,
iast (1.487 ms) : 1464, 1510
.   : milestone, 1487,
profiling (1.495 ms) : 1471, 1518
.   : milestone, 1495,
tracing (1.495 ms) : 1470, 1520
.   : milestone, 1495,
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.361 ms [1.342 ms, 1.38 ms] | - |
| appsec | 1.756 ms [1.732 ms, 1.781 ms] | 395.198 µs (29.0%) |
| appsec_no_iast | 1.77 ms [1.745 ms, 1.796 ms] | 409.524 µs (30.1%) |
| iast | 1.509 ms [1.486 ms, 1.532 ms] | 148.071 µs (10.9%) |
| profiling | 1.551 ms [1.527 ms, 1.576 ms] | 190.513 µs (14.0%) |
| tracing | 1.489 ms [1.464 ms, 1.514 ms] | 128.204 µs (9.4%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.365 ms [1.345 ms, 1.385 ms] | - |
| appsec | 1.759 ms [1.736 ms, 1.783 ms] | 394.733 µs (28.9%) |
| appsec_no_iast | 1.776 ms [1.752 ms, 1.8 ms] | 411.612 µs (30.2%) |
| iast | 1.487 ms [1.464 ms, 1.51 ms] | 122.481 µs (9.0%) |
| profiling | 1.495 ms [1.471 ms, 1.518 ms] | 130.064 µs (9.5%) |
| tracing | 1.495 ms [1.47 ms, 1.52 ms] | 130.217 µs (9.5%) |

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571
    dateFormat X
    axisFormat %s
section baseline
no_agent (385.531 µs) : 365, 406
.   : milestone, 386,
iast (495.773 µs) : 474, 517
.   : milestone, 496,
iast_FULL (656.216 µs) : 635, 678
.   : milestone, 656,
iast_GLOBAL (527.055 µs) : 505, 549
.   : milestone, 527,
iast_HARDCODED_SECRET_DISABLED (500.62 µs) : 479, 522
.   : milestone, 501,
iast_INACTIVE (455.184 µs) : 434, 476
.   : milestone, 455,
iast_TELEMETRY_OFF (479.209 µs) : 458, 500
.   : milestone, 479,
tracing (457.936 µs) : 437, 479
.   : milestone, 458,
section candidate
no_agent (380.535 µs) : 361, 400
.   : milestone, 381,
iast (494.401 µs) : 473, 516
.   : milestone, 494,
iast_FULL (659.298 µs) : 637, 681
.   : milestone, 659,
iast_GLOBAL (517.214 µs) : 496, 539
.   : milestone, 517,
iast_HARDCODED_SECRET_DISABLED (496.559 µs) : 475, 518
.   : milestone, 497,
iast_INACTIVE (459.015 µs) : 438, 480
.   : milestone, 459,
iast_TELEMETRY_OFF (491.204 µs) : 469, 513
.   : milestone, 491,
tracing (452.825 µs) : 432, 473
.   : milestone, 453,
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 385.531 µs [364.568 µs, 406.494 µs] | - |
| iast | 495.773 µs [474.122 µs, 517.424 µs] | 110.242 µs (28.6%) |
| iast_FULL | 656.216 µs [634.567 µs, 677.865 µs] | 270.685 µs (70.2%) |
| iast_GLOBAL | 527.055 µs [504.733 µs, 549.378 µs] | 141.524 µs (36.7%) |
| iast_HARDCODED_SECRET_DISABLED | 500.62 µs [479.135 µs, 522.104 µs] | 115.089 µs (29.9%) |
| iast_INACTIVE | 455.184 µs [434.458 µs, 475.911 µs] | 69.653 µs (18.1%) |
| iast_TELEMETRY_OFF | 479.209 µs [457.999 µs, 500.419 µs] | 93.678 µs (24.3%) |
| tracing | 457.936 µs [436.747 µs, 479.125 µs] | 72.405 µs (18.8%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 380.535 µs [360.858 µs, 400.212 µs] | - |
| iast | 494.401 µs [472.988 µs, 515.815 µs] | 113.866 µs (29.9%) |
| iast_FULL | 659.298 µs [637.426 µs, 681.169 µs] | 278.763 µs (73.3%) |
| iast_GLOBAL | 517.214 µs [495.923 µs, 538.505 µs] | 136.679 µs (35.9%) |
| iast_HARDCODED_SECRET_DISABLED | 496.559 µs [474.858 µs, 518.26 µs] | 116.024 µs (30.5%) |
| iast_INACTIVE | 459.015 µs [437.998 µs, 480.033 µs] | 78.48 µs (20.6%) |
| iast_TELEMETRY_OFF | 491.204 µs [469.401 µs, 513.007 µs] | 110.669 µs (29.1%) |
| tracing | 452.825 µs [432.419 µs, 473.231 µs] | 72.291 µs (19.0%) |

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/waf-vertx-session |
| git_commit_date | 1736835932 | 1736844948 |
| git_commit_sha | 866fc61 | 8dc5857 |
| release_version | 1.46.0-SNAPSHOT~866fc61571 | 1.46.0-SNAPSHOT~8dc5857982 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1736847080 | 1736847080 |
| ci_job_id | 765034080 | 765034080 |
| ci_pipeline_id | 52906607 | 52906607 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.47 ms) : 1458, 1481
.   : milestone, 1470,
appsec (2.355 ms) : 2312, 2398
.   : milestone, 2355,
iast (2.099 ms) : 2045, 2153
.   : milestone, 2099,
iast_GLOBAL (2.141 ms) : 2087, 2196
.   : milestone, 2141,
profiling (1.972 ms) : 1927, 2017
.   : milestone, 1972,
tracing (1.945 ms) : 1903, 1987
.   : milestone, 1945,
section candidate
no_agent (1.474 ms) : 1462, 1485
.   : milestone, 1474,
appsec (2.354 ms) : 2311, 2398
.   : milestone, 2354,
iast (2.097 ms) : 2043, 2151
.   : milestone, 2097,
iast_GLOBAL (2.154 ms) : 2098, 2209
.   : milestone, 2154,
profiling (1.985 ms) : 1940, 2030
.   : milestone, 1985,
tracing (1.949 ms) : 1907, 1991
.   : milestone, 1949,
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.47 ms [1.458 ms, 1.481 ms] | - |
| appsec | 2.355 ms [2.312 ms, 2.398 ms] | 885.491 µs (60.2%) |
| iast | 2.099 ms [2.045 ms, 2.153 ms] | 629.004 µs (42.8%) |
| iast_GLOBAL | 2.141 ms [2.087 ms, 2.196 ms] | 671.306 µs (45.7%) |
| profiling | 1.972 ms [1.927 ms, 2.017 ms] | 502.045 µs (34.2%) |
| tracing | 1.945 ms [1.903 ms, 1.987 ms] | 475.085 µs (32.3%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.474 ms [1.462 ms, 1.485 ms] | - |
| appsec | 2.354 ms [2.311 ms, 2.398 ms] | 880.655 µs (59.8%) |
| iast | 2.097 ms [2.043 ms, 2.151 ms] | 623.042 µs (42.3%) |
| iast_GLOBAL | 2.154 ms [2.098 ms, 2.209 ms] | 679.711 µs (46.1%) |
| profiling | 1.985 ms [1.94 ms, 2.03 ms] | 511.361 µs (34.7%) |
| tracing | 1.949 ms [1.907 ms, 1.991 ms] | 475.024 µs (32.2%) |

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~8dc5857982, baseline=1.46.0-SNAPSHOT~866fc61571
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.873 s) : 14873000, 14873000
.   : milestone, 14873000,
appsec (15.067 s) : 15067000, 15067000
.   : milestone, 15067000,
iast (18.748 s) : 18748000, 18748000
.   : milestone, 18748000,
iast_GLOBAL (17.71 s) : 17710000, 17710000
.   : milestone, 17710000,
profiling (14.985 s) : 14985000, 14985000
.   : milestone, 14985000,
tracing (14.873 s) : 14873000, 14873000
.   : milestone, 14873000,
section candidate
no_agent (14.867 s) : 14867000, 14867000
.   : milestone, 14867000,
appsec (15.138 s) : 15138000, 15138000
.   : milestone, 15138000,
iast (18.897 s) : 18897000, 18897000
.   : milestone, 18897000,
iast_GLOBAL (17.667 s) : 17667000, 17667000
.   : milestone, 17667000,
profiling (15.167 s) : 15167000, 15167000
.   : milestone, 15167000,
tracing (15.386 s) : 15386000, 15386000
.   : milestone, 15386000,
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.873 s [14.873 s, 14.873 s] | - |
| appsec | 15.067 s [15.067 s, 15.067 s] | 194.0 ms (1.3%) |
| iast | 18.748 s [18.748 s, 18.748 s] | 3.875 s (26.1%) |
| iast_GLOBAL | 17.71 s [17.71 s, 17.71 s] | 2.837 s (19.1%) |
| profiling | 14.985 s [14.985 s, 14.985 s] | 112.0 ms (0.8%) |
| tracing | 14.873 s [14.873 s, 14.873 s] | 0.0 µs (0.0%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.867 s [14.867 s, 14.867 s] | - |
| appsec | 15.138 s [15.138 s, 15.138 s] | 271.0 ms (1.8%) |
| iast | 18.897 s [18.897 s, 18.897 s] | 4.03 s (27.1%) |
| iast_GLOBAL | 17.667 s [17.667 s, 17.667 s] | 2.8 s (18.8%) |
| profiling | 15.167 s [15.167 s, 15.167 s] | 300.0 ms (2.0%) |
| tracing | 15.386 s [15.386 s, 15.386 s] | 519.0 ms (3.5%) |

@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review January 9, 2025 09:31
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner January 9, 2025 09:31

github-actions bot commented Jan 9, 2025

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@manuel-alvarez-alvarez manuel-alvarez-alvarez added inst: vertx Eclipse Vert.x instrumentation type: enhancement and removed inst: vertx Eclipse Vert.x instrumentation labels Jan 9, 2025

@jandro996 jandro996 left a comment

LGTM! Not for this PR, but I wonder if all the logic done in the instrumentations could be reused, as it seems to be pretty similar for each library that needs this support.

@manuel-alvarez-alvarez

> LGTM! Not for this PR, but I wonder if all the logic done in the instrumentations could be reused, as it seems to be pretty similar for each library that needs this support.

We could try to reuse datadog.appsec.api.blocking.Blocking or something similar (as this is a public API for customers) to remove all the boilerplate required to call the gateway and do the blocking.

@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit f3fd311 into master Jan 14, 2025
173 of 174 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/waf-vertx-session branch January 14, 2025 09:52
@github-actions github-actions bot added this to the 1.46.0 milestone Jan 14, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jan 31, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.25.4` -> `2.26.0` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |

---

### Release Notes

<details>
<summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary>

### [`v2.26.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2260-2025-01-29)

##### Features

- Add firestoreInDatastoreMode for datastore emulator ([#1698](googleapis/java-datastore#1698)) ([50f106d](googleapis/java-datastore@50f106d))

##### Dependencies

- Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 ([#1725](googleapis/java-datastore#1725)) ([1cbaf22](googleapis/java-datastore@1cbaf22))

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.46.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.46.0): 1.46.0

##### Breaking Changes

> \[!WARNING]
> jnr-unixsocket is now an external dependency of dd-trace-ot and must be included when deploying dd-trace-ot.

> \[!NOTE]
> The API `TracerScope.setAsync(boolean)`, used to manually control asynchronous span propagation, no longer applies to the scope instance but to the active span scope.

##### Components

##### Application Security Management (IAST)

- 🐛 Fix String.replace instrumentation for IAST ([#8281](DataDog/dd-trace-java#8281) - [@Mariovido](https://github.com/Mariovido))
- ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996))
- 🐛 Exclude false positive weak randomness ([#8232](DataDog/dd-trace-java#8232) - [@jandro996](https://github.com/jandro996))
- ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Add security control metrics ([#8175](DataDog/dd-trace-java#8175) - [@jandro996](https://github.com/jandro996))
- ✨ Increase IAST propagation to StringBuffer setLength ([#8128](DataDog/dd-trace-java#8128) - [@Mariovido](https://github.com/Mariovido))
- ✨ Add IAST taint tracking for DB values ([#8072](DataDog/dd-trace-java#8072) - [@Mariovido](https://github.com/Mariovido))

##### Application Security Management (WAF)

- 🐛 Prevents a NPE when there is no subscriber for user events ([#8258](DataDog/dd-trace-java#8258) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996))
- 🐛 Ensure cached subscriptions are cleared on reconfiguration via RC ([#8229](DataDog/dd-trace-java#8229) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Create span tag: \_dd.appsec.rasp.timeout ([#8269](DataDog/dd-trace-java#8269) - [@Mariovido](https://github.com/Mariovido))

##### Build & Tooling

- 🐛 Ensure shaded helpers have unique names when injected into class-loaders ([#8192](DataDog/dd-trace-java#8192) - [@mcculls](https://github.com/mcculls))

##### Configuration at Runtime

- 🐛 Remove filtering of `DD_SERVICE` and `DD_ENV` from the tracer ([#8176](DataDog/dd-trace-java#8176) - [@mhlidd](https://github.com/mhlidd))

##### Continuous Integration Visibility

- 🧹 Generalize TestRetryPolicy to TestExecutionPolicy ([#8302](DataDog/dd-trace-java#8302) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Parallelize CI Visibility settings requests ([#8299](DataDog/dd-trace-java#8299) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Generalize test retry logic ([#8289](DataDog/dd-trace-java#8289) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Generalize tests skipping logic ([#8288](DataDog/dd-trace-java#8288) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Remove skip and shouldBeSkipped methods from TestEventsHandler in favor of isSkippable ([#8286](DataDog/dd-trace-java#8286) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨⚡ Optimize Git repository information computation ([#8270](DataDog/dd-trace-java#8270) - [@dougqh](https://github.com/dougqh))
- ✨ Always request known tests from the backend ([#8268](DataDog/dd-trace-java#8268) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Fix NPE when trying to get retry analyzer in Test NG ([#8253](DataDog/dd-trace-java#8253) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Set test framework and test framework version tags atomically ([#8252](DataDog/dd-trace-java#8252) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add debug logging to Android Gradle module layout logic ([#8251](DataDog/dd-trace-java#8251) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix source and destination folders computation for Android Gradle projects ([#8190](DataDog/dd-trace-java#8190) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add basic Scala Weaver sbt support ([#8189](DataDog/dd-trace-java#8189) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Implement impacted tests detection ([#8188](DataDog/dd-trace-java#8188) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

##### Data Streams Monitoring

- ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr))

##### Database Monitoring

- Add peer service tag in dbm sql commenter ([#7913](DataDog/dd-trace-java#7913) - [@jordan-wong](https://github.com/jordan-wong))

##### Dynamic Instrumentation

- ✨ Add support for SymDB to scan directories ([#8306](DataDog/dd-trace-java#8306) - [@jpbempel](https://github.com/jpbempel))
- ✨ Add SymDB report for any jar scanning failures ([#8300](DataDog/dd-trace-java#8300) - [@jpbempel](https://github.com/jpbempel))
- ✨ Use two budgets depending on type ([#8283](DataDog/dd-trace-java#8283) - [@evanchooly](https://github.com/evanchooly))
- ✨ Institute a 10 snapshot per probe per trace budget ([#8277](DataDog/dd-trace-java#8277) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Avoid double snapshots for Exception Replay ([#8273](DataDog/dd-trace-java#8273) - [@jpbempel](https://github.com/jpbempel))
- ✨ Simplify code origins. Separate out snapshot generation. ([#8263](DataDog/dd-trace-java#8263) - [@evanchooly](https://github.com/evanchooly))
- ✨ Add Exception probe custom instrumentation ([#8230](DataDog/dd-trace-java#8230) - [@jpbempel](https://github.com/jpbempel))
- ✨ Enhance log probes to honor debug session tags ([#8215](DataDog/dd-trace-java#8215) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Don't redact env tokens from debugger probe snapshots ([#8211](DataDog/dd-trace-java#8211) - [@watson](https://github.com/watson))
- ✨⚡ Move Trace/SpanId capture at commit time ([#8184](DataDog/dd-trace-java#8184) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Capture values at entry for method probe ([#8169](DataDog/dd-trace-java#8169) - [@jpbempel](https://github.com/jpbempel))

##### JMX fetch

- 🐛 Mute JMXFetch Shutdown in progress error ([#8068](DataDog/dd-trace-java#8068) - [@ygree](https://github.com/ygree))

##### OpenTracing

- ⚠️🧹 Make jnr-unixsocket an explicit dependency of dd-trace-ot ([#8307](DataDog/dd-trace-java#8307) - [@mcculls](https://github.com/mcculls))

##### Profiling

- 🐛 Avoid unsupported API call for creating folders on windows ([#8304](DataDog/dd-trace-java#8304) - [@jbachorik](https://github.com/jbachorik))
- ✨ Tag profiles for serverless ([#8279](DataDog/dd-trace-java#8279) - [@jbachorik](https://github.com/jbachorik))
- ✨ add queue type and length to queue events ([#8242](DataDog/dd-trace-java#8242) - [@richardstartin](https://github.com/richardstartin))
- 🐛 TempLocationManager Fixes and Improvements ([#8191](DataDog/dd-trace-java#8191) - [@jbachorik](https://github.com/jbachorik))
- ✨ Bump ddprof to 1.18.0 ([#8173](DataDog/dd-trace-java#8173) - [@jbachorik](https://github.com/jbachorik))
- ✨ Report profiler initialization and configuration errors to telemetry ([#8171](DataDog/dd-trace-java#8171) - [@jbachorik](https://github.com/jbachorik))

##### Telemetry

- ✨ Add pending traces report in tracer flares ([#8053](DataDog/dd-trace-java#8053) - [@mhlidd](https://github.com/mhlidd))

##### Testing

- ✨ Test http server requests in parallel ([#8222](DataDog/dd-trace-java#8222) - [@amarziali](https://github.com/amarziali))

##### Trace context propagation

- ✨ Add non default propagator registration ([#8310](DataDog/dd-trace-java#8310) - [@PerfectSlayer](https://github.com/PerfectSlayer))

##### Tracer core

- ✨ Probe for existence of IBMSASL or ACCP security providers
([#8276](DataDog/dd-trace-java#8276) -
[@mcculls](https://github.com/mcculls))
- ✨⚡ Overhead improvement to agent feedback based sampling
([#8265](DataDog/dd-trace-java#8265) -
[@dougqh](https://github.com/dougqh))
- 🧹 Move async propagation API from scope to tracer
([#8231](DataDog/dd-trace-java#8231) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Introduce context propagation API
([#8161](DataDog/dd-trace-java#8161) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨🧪 Use env-entry to add tags per webapp deployment
([#8138](DataDog/dd-trace-java#8138) -
[@amarziali](https://github.com/amarziali))
- ✨ Introduce context helpers API
([#8134](DataDog/dd-trace-java#8134) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Support IPv6 values for `DD_AGENT_HOST` and
`DD_TRACE_AGENT_URL`
([#7984](DataDog/dd-trace-java#7984) -
[@mhlidd](https://github.com/mhlidd))

##### Instrumentations

##### Apache HttpComponents

- 🐛 Properly finish spans and support latest apache httpclient5
([#8272](DataDog/dd-trace-java#8272) -
[@amarziali](https://github.com/amarziali))

##### AWS Lambda instrumentation

- 🐛 Properly capture lambda payloads for all handler types.
([#8264](DataDog/dd-trace-java#8264) -
[@purple4reina](https://github.com/purple4reina))

##### AWS S3 instrumentation

- 💡 Create S3 instrumentation + add span pointers
([#8075](DataDog/dd-trace-java#8075) -
[@nhulston](https://github.com/nhulston))

##### AWS SDK instrumentation

- 🐛 Revert "Add avoid double instrumenting lambda non-streaming
handlers."
([#8247](DataDog/dd-trace-java#8247) -
[@nhulston](https://github.com/nhulston))

##### Cassandra

- ✨ Allow extracting keyspace from statement result
([#8239](DataDog/dd-trace-java#8239) -
[@amarziali](https://github.com/amarziali))

##### Core Java language instrumentation

- ✨ Propagation of translateEscapes of String class
([#8186](DataDog/dd-trace-java#8186) -
[@sezen-datadog](https://github.com/sezen-datadog))

##### Eclipse Vert.x instrumentation

- 🐛 Fix vertx worker propagation and error handling
([#8237](DataDog/dd-trace-java#8237) -
[@amarziali](https://github.com/amarziali))
- ✨ Support vertx 5
([#8220](DataDog/dd-trace-java#8220) -
[@amarziali](https://github.com/amarziali))
- ✨ Add support for session tracking in Vertx
([#8167](DataDog/dd-trace-java#8167) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

##### Kafka instrumentation

- 🐛 Prevent possible NPE calculating Kafka record header size
([#8292](DataDog/dd-trace-java#8292) -
[@ygree](https://github.com/ygree))

##### Mule instrumentation

- 🐛 Fix crash using Mule with JPMS
([#8187](DataDog/dd-trace-java#8187) -
[@amarziali](https://github.com/amarziali))

##### Protocol Buffer instrumentation

- ✨ Change hash computation for protobuf to better represent
impacting changes + save proto number in schema
([#8201](DataDog/dd-trace-java#8201) -
[@vandonr](https://github.com/vandonr))

##### Spring instrumentation

- 🐛 Preserve getQualifier from spring scheduling runnables
([#8293](DataDog/dd-trace-java#8293) -
[@amarziali](https://github.com/amarziali))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---


This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: bb09d47e4eed77a003f630273b4d0a84003eb899
Labels
comp: asm waf Application Security Management (WAF) inst: vertx Eclipse Vert.x instrumentation type: enhancement

3 participants