Fix IAST Vulnerabilities stack trace generation when multiple vulnerabilities share location #8412
Merged: jandro996 merged 1 commit into master from alejandro.gonzalez/fix-stackid-sharing-location on Feb 18, 2025
+77
−1
Conversation
…ulnerabilities share location
smola approved these changes on Feb 18, 2025
Benchmarks
Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.
[Startup time charts for petclinic and insecure-bank (global startup overhead, break down per module): candidate=1.47.0-SNAPSHOT~449af83b85, baseline=1.47.0-SNAPSHOT~e0242cfadc; chart data not reproduced]
Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.
[Request duration charts [CI 0.99] for petclinic and insecure-bank: same candidate and baseline; chart data not reproduced]
Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Execution time charts [CI 0.99] for biojava and tomcat: same candidate and baseline; chart data not reproduced]
Labels
comp: asm iast (Application Security Management (IAST))
tag: no release notes (Changes to exclude from release notes)
type: bug (Bug report and fix)
What Does This Do
Motivation
If multiple vulnerabilities share the same location, it is not necessary to generate the stack trace again, as they should share it
Additional Notes
Contributor Checklist
- Add the type: and (comp: or inst:) labels in addition to any useful labels.
- Don't use close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue.
Jira ticket: APPSEC-56803
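As an added illustration of the Motivation above (not code from this PR or from dd-trace-java): a hypothetical reporter that walks the stack once per source location and hands every vulnerability detected at that location the same stack id, so a batch with several findings on one line produces one trace rather than one per finding. Class, record and method names here are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; not dd-trace-java's own classes. Hypothetical model: each
// vulnerability is keyed by the source location where it was detected, and all
// vulnerabilities sharing a location share one stack trace, referenced by id.
public class SharedStackTraces {
  record Location(String path, int line, String method) {}
  record Vulnerability(String type, Location location) {}

  private final Map<Location, String> stackIdByLocation = new LinkedHashMap<>();
  private final Map<String, List<String>> framesByStackId = new LinkedHashMap<>();

  // Returns the stack id for the vulnerability. The stack is walked only on the
  // first sighting of a location; later vulnerabilities at that location reuse it.
  String report(Vulnerability v) {
    return stackIdByLocation.computeIfAbsent(v.location(), loc -> {
      String id = String.valueOf(framesByStackId.size() + 1);
      framesByStackId.put(id, captureFrames());
      return id;
    });
  }

  // Walks the current thread's stack, dropping JDK-internal frames (hypothetical
  // filter standing in for an agent's "skip our own frames" logic).
  private static List<String> captureFrames() {
    List<String> frames = new ArrayList<>();
    for (StackTraceElement e : Thread.currentThread().getStackTrace()) {
      String cls = e.getClassName();
      if (cls.startsWith("java.") || cls.startsWith("jdk.")) continue;
      frames.add(cls + "." + e.getMethodName() + ":" + e.getLineNumber());
    }
    return frames;
  }

  int tracesGenerated() { return framesByStackId.size(); }

  public static void main(String[] args) {
    SharedStackTraces reporter = new SharedStackTraces();
    // Constructed sample: two findings on the same line, a third elsewhere.
    Location login = new Location("LoginController.java", 42, "login");
    Location search = new Location("SearchController.java", 17, "search");
    String a = reporter.report(new Vulnerability("SQL_INJECTION", login));
    String b = reporter.report(new Vulnerability("WEAK_HASH", login));
    String c = reporter.report(new Vulnerability("SQL_INJECTION", search));
    // a and b must resolve to the same id; c gets its own; two traces, not three.
    System.out.println("stack ids: " + a + ", " + b + ", " + c);
    System.out.println("traces generated: " + reporter.tracesGenerated());
  }
}
```

The location key must carry every component that distinguishes a report site (here path, line and method); dropping one would merge traces from unrelated findings.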