Prevents a NPE when there is no subscriber for user events #8258

manuel-alvarez-alvarez · 2025-01-21T09:07:05Z

What Does This Do

Prevents a NPE reported by a customer when a user login action is triggered and no callbacks have been subscribed for the user event.

Motivation

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-56463

pr-commenter · 2025-01-21T09:47:43Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/asm-fix-npe-spring-security
git_commit_date	1737449112	1737450204
git_commit_sha	`b63b852`	`4f83a4c`
release_version	1.46.0-SNAPSHOT~b63b852c6d	1.46.0-SNAPSHOT~4f83a4ccf4

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1737452606	1737452606
ci_job_id	773499702	773499702
ci_pipeline_id	53524426	53524426
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.

Startup time reports for insecure-bank

gantt title insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section tracing Agent [baseline] (1.053 s) : 0, 1053075 Total [baseline] (8.613 s) : 0, 8612841 Agent [candidate] (1.056 s) : 0, 1056313 Total [candidate] (8.607 s) : 0, 8607366 section iast Agent [baseline] (1.181 s) : 0, 1181420 Total [baseline] (9.209 s) : 0, 9208707 Agent [candidate] (1.184 s) : 0, 1184064 Total [candidate] (9.229 s) : 0, 9228760 section iast_HARDCODED_SECRET_DISABLED Agent [baseline] (1.192 s) : 0, 1191650 Total [baseline] (9.233 s) : 0, 9233366 Agent [candidate] (1.19 s) : 0, 1189922 Total [candidate] (9.186 s) : 0, 9185885 section iast_TELEMETRY_OFF Agent [baseline] (1.18 s) : 0, 1179644 Total [baseline] (9.247 s) : 0, 9247427 Agent [candidate] (1.181 s) : 0, 1180606 Total [candidate] (9.208 s) : 0, 9208475

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.053 s	-
Agent	iast	1.181 s	128.344 ms (12.2%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.192 s	138.575 ms (13.2%)
Agent	iast_TELEMETRY_OFF	1.18 s	126.568 ms (12.0%)
Total	tracing	8.613 s	-
Total	iast	9.209 s	595.866 ms (6.9%)
Total	iast_HARDCODED_SECRET_DISABLED	9.233 s	620.524 ms (7.2%)
Total	iast_TELEMETRY_OFF	9.247 s	634.586 ms (7.4%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.056 s	-
Agent	iast	1.184 s	127.751 ms (12.1%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.19 s	133.609 ms (12.6%)
Agent	iast_TELEMETRY_OFF	1.181 s	124.293 ms (11.8%)
Total	tracing	8.607 s	-
Total	iast	9.229 s	621.394 ms (7.2%)
Total	iast_HARDCODED_SECRET_DISABLED	9.186 s	578.519 ms (6.7%)
Total	iast_TELEMETRY_OFF	9.208 s	601.109 ms (7.0%)

gantt title insecure-bank - break down per module: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (713.091 ms) : 0, 713091 BytebuddyAgent [candidate] (714.034 ms) : 0, 714034 GlobalTracer [baseline] (255.203 ms) : 0, 255203 GlobalTracer [candidate] (255.373 ms) : 0, 255373 AppSec [baseline] (56.239 ms) : 0, 56239 AppSec [candidate] (57.716 ms) : 0, 57716 Remote Config [baseline] (737.401 µs) : 0, 737 Remote Config [candidate] (742.755 µs) : 0, 743 Telemetry [baseline] (12.899 ms) : 0, 12899 Telemetry [candidate] (13.521 ms) : 0, 13521 section iast BytebuddyAgent [baseline] (831.53 ms) : 0, 831530 BytebuddyAgent [candidate] (833.303 ms) : 0, 833303 GlobalTracer [baseline] (246.154 ms) : 0, 246154 GlobalTracer [candidate] (246.542 ms) : 0, 246542 AppSec [baseline] (57.971 ms) : 0, 57971 AppSec [candidate] (58.124 ms) : 0, 58124 IAST [baseline] (21.326 ms) : 0, 21326 IAST [candidate] (21.581 ms) : 0, 21581 Remote Config [baseline] (674.897 µs) : 0, 675 Remote Config [candidate] (687.274 µs) : 0, 687 Telemetry [baseline] (8.771 ms) : 0, 8771 Telemetry [candidate] (8.83 ms) : 0, 8830 section iast_HARDCODED_SECRET_DISABLED BytebuddyAgent [baseline] (838.229 ms) : 0, 838229 BytebuddyAgent [candidate] (837.39 ms) : 0, 837390 GlobalTracer [baseline] (248.243 ms) : 0, 248243 GlobalTracer [candidate] (247.97 ms) : 0, 247970 AppSec [baseline] (58.602 ms) : 0, 58602 AppSec [candidate] (58.248 ms) : 0, 58248 IAST [baseline] (21.86 ms) : 0, 21860 IAST [candidate] (21.68 ms) : 0, 21680 Remote Config [baseline] (743.739 µs) : 0, 744 Remote Config [candidate] (689.405 µs) : 0, 689 Telemetry [baseline] (8.903 ms) : 0, 8903 Telemetry [candidate] (8.794 ms) : 0, 8794 section iast_TELEMETRY_OFF BytebuddyAgent [baseline] (829.35 ms) : 0, 829350 BytebuddyAgent [candidate] (830.299 ms) : 0, 830299 GlobalTracer [baseline] (246.51 ms) : 0, 246510 GlobalTracer [candidate] (246.835 ms) : 0, 246835 AppSec [baseline] (58.249 ms) : 0, 58249 AppSec [candidate] (57.946 ms) : 0, 57946 IAST [baseline] (21.09 ms) : 0, 21090 IAST [candidate] (21.095 ms) : 0, 21095 Remote Config [baseline] (682.813 µs) : 0, 683 Remote Config [candidate] (700.202 µs) : 0, 700 Telemetry [baseline] (8.747 ms) : 0, 8747 Telemetry [candidate] (8.651 ms) : 0, 8651

Startup time reports for petclinic

gantt title petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section tracing Agent [baseline] (1.055 s) : 0, 1055272 Total [baseline] (10.525 s) : 0, 10524799 Agent [candidate] (1.052 s) : 0, 1052039 Total [candidate] (10.424 s) : 0, 10424154 section appsec Agent [baseline] (1.187 s) : 0, 1187117 Total [baseline] (10.745 s) : 0, 10744711 Agent [candidate] (1.188 s) : 0, 1187767 Total [candidate] (10.74 s) : 0, 10740023 section iast Agent [baseline] (1.183 s) : 0, 1183218 Total [baseline] (11.026 s) : 0, 11025897 Agent [candidate] (1.19 s) : 0, 1190116 Total [candidate] (10.98 s) : 0, 10979901 section profiling Agent [baseline] (1.254 s) : 0, 1253912 Total [baseline] (10.819 s) : 0, 10819339 Agent [candidate] (1.264 s) : 0, 1264157 Total [candidate] (10.866 s) : 0, 10866226

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.055 s	-
Agent	appsec	1.187 s	131.844 ms (12.5%)
Agent	iast	1.183 s	127.946 ms (12.1%)
Agent	profiling	1.254 s	198.639 ms (18.8%)
Total	tracing	10.525 s	-
Total	appsec	10.745 s	219.912 ms (2.1%)
Total	iast	11.026 s	501.098 ms (4.8%)
Total	profiling	10.819 s	294.54 ms (2.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.052 s	-
Agent	appsec	1.188 s	135.728 ms (12.9%)
Agent	iast	1.19 s	138.078 ms (13.1%)
Agent	profiling	1.264 s	212.119 ms (20.2%)
Total	tracing	10.424 s	-
Total	appsec	10.74 s	315.87 ms (3.0%)
Total	iast	10.98 s	555.747 ms (5.3%)
Total	profiling	10.866 s	442.072 ms (4.2%)

gantt title petclinic - break down per module: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (714.44 ms) : 0, 714440 BytebuddyAgent [candidate] (714.176 ms) : 0, 714176 GlobalTracer [baseline] (255.446 ms) : 0, 255446 GlobalTracer [candidate] (255.395 ms) : 0, 255395 AppSec [baseline] (56.936 ms) : 0, 56936 AppSec [candidate] (55.386 ms) : 0, 55386 Remote Config [baseline] (745.918 µs) : 0, 746 Remote Config [candidate] (735.191 µs) : 0, 735 Telemetry [baseline] (12.794 ms) : 0, 12794 Telemetry [candidate] (11.423 ms) : 0, 11423 section appsec BytebuddyAgent [baseline] (729.867 ms) : 0, 729867 BytebuddyAgent [candidate] (730.518 ms) : 0, 730518 GlobalTracer [baseline] (252.707 ms) : 0, 252707 GlobalTracer [candidate] (252.77 ms) : 0, 252770 AppSec [baseline] (171.063 ms) : 0, 171063 AppSec [candidate] (170.929 ms) : 0, 170929 IAST [baseline] (19.363 ms) : 0, 19363 IAST [candidate] (19.429 ms) : 0, 19429 Remote Config [baseline] (656.415 µs) : 0, 656 Remote Config [candidate] (667.348 µs) : 0, 667 Telemetry [baseline] (8.176 ms) : 0, 8176 Telemetry [candidate] (8.164 ms) : 0, 8164 section iast BytebuddyAgent [baseline] (831.958 ms) : 0, 831958 BytebuddyAgent [candidate] (837.503 ms) : 0, 837503 GlobalTracer [baseline] (247.168 ms) : 0, 247168 GlobalTracer [candidate] (247.764 ms) : 0, 247764 AppSec [baseline] (58.367 ms) : 0, 58367 AppSec [candidate] (58.492 ms) : 0, 58492 IAST [baseline] (21.251 ms) : 0, 21251 IAST [candidate] (21.724 ms) : 0, 21724 Remote Config [baseline] (670.088 µs) : 0, 670 Remote Config [candidate] (691.87 µs) : 0, 692 Telemetry [baseline] (8.78 ms) : 0, 8780 Telemetry [candidate] (8.843 ms) : 0, 8843 section profiling BytebuddyAgent [baseline] (702.734 ms) : 0, 702734 BytebuddyAgent [candidate] (709.397 ms) : 0, 709397 GlobalTracer [baseline] (348.924 ms) : 0, 348924 GlobalTracer [candidate] (352.66 ms) : 0, 352660 AppSec [baseline] (54.854 ms) : 0, 54854 AppSec [candidate] (54.216 ms) : 0, 54216 Remote Config [baseline] (721.165 µs) : 0, 721 Remote Config [candidate] (709.633 µs) : 0, 710 Telemetry [baseline] (8.744 ms) : 0, 8744 Telemetry [candidate] (8.74 ms) : 0, 8740 ProfilingAgent [baseline] (96.048 ms) : 0, 96048 ProfilingAgent [candidate] (96.156 ms) : 0, 96156 Profiling [baseline] (96.071 ms) : 0, 96071 Profiling [candidate] (96.182 ms) : 0, 96182

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-01-21T09:13:24	2025-01-21T09:20:28
git_branch	master	malvarez/asm-fix-npe-spring-security
git_commit_date	1737449112	1737450204
git_commit_sha	`b63b852`	`4f83a4c`
release_version	1.46.0-SNAPSHOT~b63b852c6d	1.46.0-SNAPSHOT~4f83a4ccf4
start_time	2025-01-21T09:13:10	2025-01-21T09:20:14

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1737451587	1737451587
ci_job_id	773499704	773499704
ci_pipeline_id	53524426	53524426
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic

gantt title petclinic - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section baseline no_agent (1.353 ms) : 1333, 1373 . : milestone, 1353, appsec (1.743 ms) : 1719, 1767 . : milestone, 1743, appsec_no_iast (1.756 ms) : 1730, 1781 . : milestone, 1756, iast (1.527 ms) : 1503, 1550 . : milestone, 1527, profiling (1.52 ms) : 1497, 1544 . : milestone, 1520, tracing (1.485 ms) : 1460, 1510 . : milestone, 1485, section candidate no_agent (1.364 ms) : 1345, 1384 . : milestone, 1364, appsec (1.751 ms) : 1727, 1774 . : milestone, 1751, appsec_no_iast (1.75 ms) : 1725, 1774 . : milestone, 1750, iast (1.517 ms) : 1493, 1542 . : milestone, 1517, profiling (1.558 ms) : 1533, 1583 . : milestone, 1558, tracing (1.494 ms) : 1469, 1519 . : milestone, 1494,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.353 ms [1.333 ms, 1.373 ms]	-
appsec	1.743 ms [1.719 ms, 1.767 ms]	389.933 µs (28.8%)
appsec_no_iast	1.756 ms [1.73 ms, 1.781 ms]	402.134 µs (29.7%)
iast	1.527 ms [1.503 ms, 1.55 ms]	173.269 µs (12.8%)
profiling	1.52 ms [1.497 ms, 1.544 ms]	167.125 µs (12.3%)
tracing	1.485 ms [1.46 ms, 1.51 ms]	131.843 µs (9.7%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.364 ms [1.345 ms, 1.384 ms]	-
appsec	1.751 ms [1.727 ms, 1.774 ms]	386.503 µs (28.3%)
appsec_no_iast	1.75 ms [1.725 ms, 1.774 ms]	385.075 µs (28.2%)
iast	1.517 ms [1.493 ms, 1.542 ms]	152.752 µs (11.2%)
profiling	1.558 ms [1.533 ms, 1.583 ms]	193.65 µs (14.2%)
tracing	1.494 ms [1.469 ms, 1.519 ms]	129.6 µs (9.5%)

Request duration reports for insecure-bank

gantt title insecure-bank - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section baseline no_agent (383.17 µs) : 363, 403 . : milestone, 383, iast (505.508 µs) : 484, 528 . : milestone, 506, iast_FULL (750.091 µs) : 728, 772 . : milestone, 750, iast_GLOBAL (553.742 µs) : 532, 575 . : milestone, 554, iast_HARDCODED_SECRET_DISABLED (507.199 µs) : 486, 529 . : milestone, 507, iast_INACTIVE (459.417 µs) : 438, 481 . : milestone, 459, iast_TELEMETRY_OFF (496.896 µs) : 475, 518 . : milestone, 497, tracing (454.372 µs) : 433, 475 . : milestone, 454, section candidate no_agent (385.776 µs) : 365, 406 . : milestone, 386, iast (506.176 µs) : 484, 528 . : milestone, 506, iast_FULL (749.888 µs) : 728, 772 . : milestone, 750, iast_GLOBAL (556.21 µs) : 534, 578 . : milestone, 556, iast_HARDCODED_SECRET_DISABLED (511.187 µs) : 489, 533 . : milestone, 511, iast_INACTIVE (458.174 µs) : 437, 480 . : milestone, 458, iast_TELEMETRY_OFF (496.514 µs) : 475, 518 . : milestone, 497, tracing (456.414 µs) : 435, 478 . : milestone, 456,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	383.17 µs [363.182 µs, 403.159 µs]	-
iast	505.508 µs [483.514 µs, 527.502 µs]	122.338 µs (31.9%)
iast_FULL	750.091 µs [728.058 µs, 772.124 µs]	366.921 µs (95.8%)
iast_GLOBAL	553.742 µs [532.311 µs, 575.173 µs]	170.572 µs (44.5%)
iast_HARDCODED_SECRET_DISABLED	507.199 µs [485.763 µs, 528.635 µs]	124.029 µs (32.4%)
iast_INACTIVE	459.417 µs [437.8 µs, 481.033 µs]	76.246 µs (19.9%)
iast_TELEMETRY_OFF	496.896 µs [475.384 µs, 518.407 µs]	113.726 µs (29.7%)
tracing	454.372 µs [433.472 µs, 475.272 µs]	71.202 µs (18.6%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	385.776 µs [365.166 µs, 406.386 µs]	-
iast	506.176 µs [484.412 µs, 527.94 µs]	120.4 µs (31.2%)
iast_FULL	749.888 µs [727.656 µs, 772.12 µs]	364.112 µs (94.4%)
iast_GLOBAL	556.21 µs [534.218 µs, 578.203 µs]	170.434 µs (44.2%)
iast_HARDCODED_SECRET_DISABLED	511.187 µs [488.897 µs, 533.478 µs]	125.411 µs (32.5%)
iast_INACTIVE	458.174 µs [436.761 µs, 479.587 µs]	72.398 µs (18.8%)
iast_TELEMETRY_OFF	496.514 µs [474.927 µs, 518.1 µs]	110.738 µs (28.7%)
tracing	456.414 µs [435.276 µs, 477.553 µs]	70.639 µs (18.3%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/asm-fix-npe-spring-security
git_commit_date	1737449112	1737450204
git_commit_sha	`b63b852`	`4f83a4c`
release_version	1.46.0-SNAPSHOT~b63b852c6d	1.46.0-SNAPSHOT~4f83a4ccf4

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1737452279	1737452279
ci_job_id	773499705	773499705
ci_pipeline_id	53524426	53524426
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat

gantt title tomcat - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section baseline no_agent (1.472 ms) : 1460, 1483 . : milestone, 1472, appsec (2.352 ms) : 2309, 2395 . : milestone, 2352, iast (2.093 ms) : 2039, 2147 . : milestone, 2093, iast_GLOBAL (2.135 ms) : 2081, 2190 . : milestone, 2135, profiling (1.959 ms) : 1915, 2002 . : milestone, 1959, tracing (1.94 ms) : 1898, 1982 . : milestone, 1940, section candidate no_agent (1.469 ms) : 1458, 1481 . : milestone, 1469, appsec (2.351 ms) : 2309, 2394 . : milestone, 2351, iast (2.094 ms) : 2040, 2149 . : milestone, 2094, iast_GLOBAL (2.13 ms) : 2075, 2184 . : milestone, 2130, profiling (1.962 ms) : 1918, 2007 . : milestone, 1962, tracing (1.929 ms) : 1888, 1971 . : milestone, 1929,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.472 ms [1.46 ms, 1.483 ms]	-
appsec	2.352 ms [2.309 ms, 2.395 ms]	879.956 µs (59.8%)
iast	2.093 ms [2.039 ms, 2.147 ms]	621.245 µs (42.2%)
iast_GLOBAL	2.135 ms [2.081 ms, 2.19 ms]	663.835 µs (45.1%)
profiling	1.959 ms [1.915 ms, 2.002 ms]	487.036 µs (33.1%)
tracing	1.94 ms [1.898 ms, 1.982 ms]	468.566 µs (31.8%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.458 ms, 1.481 ms]	-
appsec	2.351 ms [2.309 ms, 2.394 ms]	882.346 µs (60.1%)
iast	2.094 ms [2.04 ms, 2.149 ms]	625.37 µs (42.6%)
iast_GLOBAL	2.13 ms [2.075 ms, 2.184 ms]	660.597 µs (45.0%)
profiling	1.962 ms [1.918 ms, 2.007 ms]	493.132 µs (33.6%)
tracing	1.929 ms [1.888 ms, 1.971 ms]	460.31 µs (31.3%)

Execution time for biojava

gantt title biojava - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d dateFormat X axisFormat %s section baseline no_agent (14.999 s) : 14999000, 14999000 . : milestone, 14999000, appsec (14.977 s) : 14977000, 14977000 . : milestone, 14977000, iast (18.836 s) : 18836000, 18836000 . : milestone, 18836000, iast_GLOBAL (17.895 s) : 17895000, 17895000 . : milestone, 17895000, profiling (15.079 s) : 15079000, 15079000 . : milestone, 15079000, tracing (14.962 s) : 14962000, 14962000 . : milestone, 14962000, section candidate no_agent (15.226 s) : 15226000, 15226000 . : milestone, 15226000, appsec (15.159 s) : 15159000, 15159000 . : milestone, 15159000, iast (19.032 s) : 19032000, 19032000 . : milestone, 19032000, iast_GLOBAL (18.2 s) : 18200000, 18200000 . : milestone, 18200000, profiling (14.944 s) : 14944000, 14944000 . : milestone, 14944000, tracing (15.049 s) : 15049000, 15049000 . : milestone, 15049000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.999 s [14.999 s, 14.999 s]	-
appsec	14.977 s [14.977 s, 14.977 s]	-22.0 ms (-0.1%)
iast	18.836 s [18.836 s, 18.836 s]	3.837 s (25.6%)
iast_GLOBAL	17.895 s [17.895 s, 17.895 s]	2.896 s (19.3%)
profiling	15.079 s [15.079 s, 15.079 s]	80.0 ms (0.5%)
tracing	14.962 s [14.962 s, 14.962 s]	-37.0 ms (-0.2%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.226 s [15.226 s, 15.226 s]	-
appsec	15.159 s [15.159 s, 15.159 s]	-67.0 ms (-0.4%)
iast	19.032 s [19.032 s, 19.032 s]	3.806 s (25.0%)
iast_GLOBAL	18.2 s [18.2 s, 18.2 s]	2.974 s (19.5%)
profiling	14.944 s [14.944 s, 14.944 s]	-282.0 ms (-1.9%)
tracing	15.049 s [15.049 s, 15.049 s]	-177.0 ms (-1.2%)

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.25.4` -> `2.26.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` | --- ### Release Notes <details> <summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary> ### [`v2.26.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2260-2025-01-29) ##### Features - Add firestoreInDatastoreMode for datastore emulator ([#1698](googleapis/java-datastore#1698)) ([50f106d](googleapis/java-datastore@50f106d)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 ([#1725](googleapis/java-datastore#1725)) ([1cbaf22](googleapis/java-datastore@1cbaf22)) </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.46.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.46.0): 1.46.0 ##### Breaking Changes > \[!WARNING] > jnr-unixsocket is now an external dependency of dd-trace-ot and must be included when deploying dd-trace-ot. > \[!NOTE] > The API `TracerScope.setAsync(boolean)`, used to manually control asynchronous span propagation, does no more apply to the scope instance but to the active span scope. ##### Components ##### Application Security Management (IAST) - 🐛 Fix String.replace instrumentation for IAST ([#8281](DataDog/dd-trace-java#8281) - [@Mariovido](https://github.com/Mariovido)) - ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996)) - 🐛 Exclude false positive weak randomness ([#8232](DataDog/dd-trace-java#8232) - [@jandro996](https://github.com/jandro996)) - ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog)) - ✨ Add security control metrics ([#8175](DataDog/dd-trace-java#8175) - [@jandro996](https://github.com/jandro996)) - ✨ Increase IAST propagation to StringBuffer setLength ([#8128](DataDog/dd-trace-java#8128) - [@Mariovido](https://github.com/Mariovido)) - ✨ Add IAST taint tracking for DB values ([#8072](DataDog/dd-trace-java#8072) - [@Mariovido](https://github.com/Mariovido)) ##### Application Security Management (WAF) - 🐛 Prevents a NPE when there is no subscriber for user events ([#8258](DataDog/dd-trace-java#8258) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996)) - 🐛 Ensure cached subscriptions are cleared on reconfiguration via RC ([#8229](DataDog/dd-trace-java#8229) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Create span tag: \_dd.appsec.rasp.timeout ([#8269](DataDog/dd-trace-java#8269) - [@Mariovido](https://github.com/Mariovido)) ##### Build & Tooling - 🐛 Ensure shaded helpers have unique names when injected into class-loaders ([#8192](DataDog/dd-trace-java#8192) - [@mcculls](https://github.com/mcculls)) ##### Configuration at Runtime - 🐛 Remove filtering of `DD_SERVICE` and `DD_ENV` from the tracer ([#8176](DataDog/dd-trace-java#8176) - [@mhlidd](https://github.com/mhlidd)) ##### Continuous Integration Visibility - 🧹 Generalize TestRetryPolicy to TestExecutionPolicy ([#8302](DataDog/dd-trace-java#8302) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Parallelize CI Visibility settings requests ([#8299](DataDog/dd-trace-java#8299) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Generalize test retry logic ([#8289](DataDog/dd-trace-java#8289) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Generalize tests skipping logic ([#8288](DataDog/dd-trace-java#8288) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🧹 Remove skip and shouldBeSkipped methods from TestEventsHandler in favor of isSkippable ([#8286](DataDog/dd-trace-java#8286) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨⚡ Optimize Git repository information computation ([#8270](DataDog/dd-trace-java#8270) - [@dougqh](https://github.com/dougqh)) - ✨ Always request known tests from the backend ([#8268](DataDog/dd-trace-java#8268) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Fix NPE when trying to get retry analyzer in Test NG ([#8253](DataDog/dd-trace-java#8253) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Set test framework and test framework version tags atomically ([#8252](DataDog/dd-trace-java#8252) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add debug logging to Android Gradle module layout logic ([#8251](DataDog/dd-trace-java#8251) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Fix source and destination folders computation for Android Gradle projects ([#8190](DataDog/dd-trace-java#8190) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add basic Scala Weaver sbt support ([#8189](DataDog/dd-trace-java#8189) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement impacted tests detection ([#8188](DataDog/dd-trace-java#8188) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) ##### Data Streams Monitoring - ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr)) ##### Database Monitoring - Add peer service tag in dbm sql commenter ([#7913](DataDog/dd-trace-java#7913) - [@jordan-wong](https://github.com/jordan-wong)) ##### Dynamic Instrumentation - ✨ Add support for SymDB to scan directories ([#8306](DataDog/dd-trace-java#8306) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add SymDB report for any jar scanning failures ([#8300](DataDog/dd-trace-java#8300) - [@jpbempel](https://github.com/jpbempel)) - ✨ Use two budgets depending on type ([#8283](DataDog/dd-trace-java#8283) - [@evanchooly](https://github.com/evanchooly)) - ✨ Institute a 10 snapshot per probe per trace budget ([#8277](DataDog/dd-trace-java#8277) - [@evanchooly](https://github.com/evanchooly)) - 🐛 Avoid double snapshots for Exception Replay ([#8273](DataDog/dd-trace-java#8273) - [@jpbempel](https://github.com/jpbempel)) - ✨ Simplify code origins. Separate out snapshot generation. ([#8263](DataDog/dd-trace-java#8263) - [@evanchooly](https://github.com/evanchooly)) - ✨ Add Exception probe custom instrumentation ([#8230](DataDog/dd-trace-java#8230) - [@jpbempel](https://github.com/jpbempel)) - ✨ Enhance log probes to honor debug session tags ([#8215](DataDog/dd-trace-java#8215) - [@evanchooly](https://github.com/evanchooly)) - 🐛 Don't redact env tokens from debugger probe snapshots ([#8211](DataDog/dd-trace-java#8211) - [@watson](https://github.com/watson)) - ✨⚡ Move Trace/SpanId capture at commit time ([#8184](DataDog/dd-trace-java#8184) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Capture values at entry for method probe ([#8169](DataDog/dd-trace-java#8169) - [@jpbempel](https://github.com/jpbempel)) ##### JMX fetch - 🐛 Mute JMXFetch Shutdown in progress error ([#8068](DataDog/dd-trace-java#8068) - [@ygree](https://github.com/ygree)) ##### OpenTracing - ⚠️🧹 Make jnr-unixsocket an explicit dependency of dd-trace-ot ([#8307](DataDog/dd-trace-java#8307) - [@mcculls](https://github.com/mcculls)) ##### Profiling - 🐛 Avoid unsupported API call for creating folders on windows ([#8304](DataDog/dd-trace-java#8304) - [@jbachorik](https://github.com/jbachorik)) - ✨ Tag profiles for serverless ([#8279](DataDog/dd-trace-java#8279) - [@jbachorik](https://github.com/jbachorik)) - ✨ add queue type and length to queue events ([#8242](DataDog/dd-trace-java#8242) - [@richardstartin](https://github.com/richardstartin)) - 🐛 TempLocationManager Fixes and Improvements ([#8191](DataDog/dd-trace-java#8191) - [@jbachorik](https://github.com/jbachorik)) - ✨ Bump ddprof to 1.18.0 ([#8173](DataDog/dd-trace-java#8173) - [@jbachorik](https://github.com/jbachorik)) - ✨ Report profiler initialization and configuration errors to telemetry ([#8171](DataDog/dd-trace-java#8171) - [@jbachorik](https://github.com/jbachorik)) ##### Telemetry - ✨ Add pending traces report in tracer flares ([#8053](DataDog/dd-trace-java#8053) - [@mhlidd](https://github.com/mhlidd)) ##### Testing - ✨ Test http server requests in parallel ([#8222](DataDog/dd-trace-java#8222) - [@amarziali](https://github.com/amarziali)) ##### Trace context propagation - ✨ Add non default propagator registration ([#8310](DataDog/dd-trace-java#8310) - [@PerfectSlayer](https://github.com/PerfectSlayer)) ##### Tracer core - ✨ Probe for existence of IBMSASL or ACCP security providers ([#8276](DataDog/dd-trace-java#8276) - [@mcculls](https://github.com/mcculls)) - ✨⚡ Overhead improvement to agent feedback based sampling ([#8265](DataDog/dd-trace-java#8265) - [@dougqh](https://github.com/dougqh)) - 🧹 Move async propagation API from scope to tracer ([#8231](DataDog/dd-trace-java#8231) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Introduce context propagation API ([#8161](DataDog/dd-trace-java#8161) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨🧪 Use env-entry to add tags per webapp deployment ([#8138](DataDog/dd-trace-java#8138) - [@amarziali](https://github.com/amarziali)) - ✨ Introduce context helpers API ([#8134](DataDog/dd-trace-java#8134) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Support IPv6 values for `DD_AGENT_HOST` and `DD_TRACE_AGENT_URL` ([#7984](DataDog/dd-trace-java#7984) - [@mhlidd](https://github.com/mhlidd)) ##### Instrumentations ##### Apache HttpComponents - 🐛 Properly finish spans and support latest apache httpclient5 ([#8272](DataDog/dd-trace-java#8272) - [@amarziali](https://github.com/amarziali)) ##### AWS Lambda instrumentation - 🐛 Properly capture lambda payloads for all handler types. ([#8264](DataDog/dd-trace-java#8264) - [@purple4reina](https://github.com/purple4reina)) ##### AWS S3 instrumentation - 💡 Create S3 instrumentation + add span pointers ([#8075](DataDog/dd-trace-java#8075) - [@nhulston](https://github.com/nhulston)) ##### AWS SDK instrumentation - 🐛 Revert "Add avoid double instrumenting lambda non-streaming handlers." ([#8247](DataDog/dd-trace-java#8247) - [@nhulston](https://github.com/nhulston)) ##### Cassandra - ✨ Allow extracting keyspace from statement result ([#8239](DataDog/dd-trace-java#8239) - [@amarziali](https://github.com/amarziali)) ##### Core Java language instrumentation - ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog)) ##### Eclipse Vert.x instrumentation - 🐛 Fix vertx worker propagation and error handling ([#8237](DataDog/dd-trace-java#8237) - [@amarziali](https://github.com/amarziali)) - ✨ Support vertx 5 ([#8220](DataDog/dd-trace-java#8220) - [@amarziali](https://github.com/amarziali)) - ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) ##### Kafka instrumentation - 🐛 Prevent possible NPE calculating Kafka record header size ([#8292](DataDog/dd-trace-java#8292) - [@ygree](https://github.com/ygree)) ##### Mule instrumentation - 🐛 Fix crash using Mule with JPMS ([#8187](DataDog/dd-trace-java#8187) - [@amarziali](https://github.com/amarziali)) ##### Protocol Buffer instrumentation - ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr)) ##### Spring instrumentation - 🐛 Preserve getQualifier from spring scheduling runnables ([#8293](DataDog/dd-trace-java#8293) - [@amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: bb09d47e4eed77a003f630273b4d0a84003eb899

Fix NPE when there is no subscriber for user events

4f83a4c

manuel-alvarez-alvarez added type: bug Bug report and fix comp: asm waf Application Security Management (WAF) labels Jan 21, 2025

manuel-alvarez-alvarez requested a review from a team as a code owner January 21, 2025 09:07

manuel-alvarez-alvarez requested review from Mariovido and smola January 21, 2025 09:07

smola approved these changes Jan 21, 2025

View reviewed changes

sezen-datadog approved these changes Jan 21, 2025

View reviewed changes

jandro996 approved these changes Jan 21, 2025

View reviewed changes

manuel-alvarez-alvarez changed the title ~~Fix NPE when there is no subscriber for user events~~ Prevents NPE when there is no subscriber for user events Jan 21, 2025

manuel-alvarez-alvarez changed the title ~~Prevents NPE when there is no subscriber for user events~~ Prevents a NPE when there is no subscriber for user events Jan 21, 2025

manuel-alvarez-alvarez merged commit 1999e2b into master Jan 21, 2025
178 of 180 checks passed

manuel-alvarez-alvarez deleted the malvarez/asm-fix-npe-spring-security branch January 21, 2025 09:54

github-actions bot added this to the 1.46.0 milestone Jan 21, 2025

This was referenced Jan 21, 2025

🍒 8258 - Prevents a NPE when there is no subscriber for user events #8259

Closed

🍒 8258 - Prevents a NPE when there is no subscriber for user events #8260

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Prevents a NPE when there is no subscriber for user events #8258

Prevents a NPE when there is no subscriber for user events #8258

Uh oh!

manuel-alvarez-alvarez commented Jan 21, 2025 •

edited

Loading

pr-commenter bot commented Jan 21, 2025

Uh oh!

Labels

5 participants

Prevents a NPE when there is no subscriber for user events #8258

Prevents a NPE when there is no subscriber for user events #8258

Uh oh!

Conversation

manuel-alvarez-alvarez commented Jan 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What Does This Do

Motivation

Additional Notes

Contributor Checklist

pr-commenter bot commented Jan 21, 2025

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

Labels

5 participants

manuel-alvarez-alvarez commented Jan 21, 2025 •

edited

Loading