
manuel-alvarez-alvarez
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Mar 13, 2025

What Does This Do

Disallows the usage of before call sites in calls to super in constructors which is not allowed by the JVM.

Motivation

We got a report from a customer with an issue blocking the startup of an app due to:

```
java.lang.VerifyError: Bad type on operand stack
Exception Details:
  Location:
    org/redisson/codec/CustomObjectInputStream.<init>(Ljava/lang/ClassLoader;Ljava/io/InputStream;Ljava/util/Set;)V @32: invokestatic
  Reason:
    Type uninitializedThis (current frame, stack[3]) is not assignable to 'java/io/InputStream'
  Current Frame:
    bci: @32
    flags: { flagThisUninit }
    locals: { uninitializedThis, 'java/lang/ClassLoader', 'java/io/InputStream', 'java/util/Set' }
    stack: { '[Ljava/lang/Object;', uninitializedThis, 'java/io/InputStream', uninitializedThis }
  Bytecode:
    0000000: 2a2c b200 8110 1e04 b800 8604 bd00 885a
    0000010: 5f10 005f 535a 5903 32c0 008a 5f57 1900
    0000020: b800 8fb7 0001 2a2b b500 072a 2db5 000d
    0000030: b1
```

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-56992
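
As an added illustration (not code from dd-trace-java or from this PR), the Python sketch below replays the operand type stack for the bytecode dump in the report and reproduces the frame at bci 32, where a static call receives `uninitializedThis` before the `invokespecial` at bci 35 has run. The constant pool is not on the page, so the meanings of #134 (a void static call taking three operands), #136 (`java/lang/Object`) and #138 (`java/io/InputStream`) are assumptions inferred from the reported frame.

```python
"""Replay the operand stack of the method in the VerifyError (added example)."""

UNINIT = "uninitializedThis"
INPUT_STREAM = "java/io/InputStream"

# Hex copied from the "Bytecode:" section of the report.
BYTECODE = bytes.fromhex(
    "2a2cb20081101e04b8008604bd00885a"
    "5f10005f535a590332c0008a5f571900"
    "b8008fb700012a2bb500072a2db5000d"
    "b1"
)
# Locals copied from the "Current Frame" section of the report.
LOCALS = [UNINIT, "java/lang/ClassLoader", INPUT_STREAM, "java/util/Set"]

# ASSUMPTIONS: the constant pool is not shown on the page. Class names are
# taken from the reported frame; #134 is assumed to pop three operands (void).
CLASSES = {0x88: "java/lang/Object", 0x8A: INPUT_STREAM}
STATIC_POPS = {0x86: 3}
# From the "Reason" line: the callee at #143 expects an InputStream on top.
EXPECTED_TOP = {0x8F: INPUT_STREAM}

# opcode -> (mnemonic, operand byte count); only the opcodes this method uses.
OPCODES = {
    0x03: ("iconst_0", 0), 0x04: ("iconst_1", 0), 0x10: ("bipush", 1),
    0x19: ("aload", 1), 0x2A: ("aload_0", 0), 0x2B: ("aload_1", 0),
    0x2C: ("aload_2", 0), 0x2D: ("aload_3", 0), 0x32: ("aaload", 0),
    0x53: ("aastore", 0), 0x57: ("pop", 0), 0x59: ("dup", 0),
    0x5A: ("dup_x1", 0), 0x5F: ("swap", 0), 0xB1: ("return", 0),
    0xB2: ("getstatic", 2), 0xB5: ("putfield", 2), 0xB7: ("invokespecial", 2),
    0xB8: ("invokestatic", 2), 0xBD: ("anewarray", 2), 0xC0: ("checkcast", 2),
}


def disassemble(code):
    """Yield (bci, mnemonic, operand) for each instruction in the method."""
    bci = 0
    while bci < len(code):
        name, width = OPCODES[code[bci]]
        raw = code[bci + 1:bci + 1 + width]
        yield bci, name, int.from_bytes(raw, "big") if width else None
        bci += 1 + width


def step(stack, name, operand):
    """Apply one instruction's effect to the type stack, in place."""
    if name.startswith("aload"):
        index = operand if name == "aload" else int(name[-1])
        stack.append(LOCALS[index])
    elif name in ("iconst_0", "iconst_1", "bipush"):
        stack.append("int")
    elif name == "getstatic":
        stack.append(f"field#{operand}")       # field type unknown
    elif name == "invokestatic":
        if operand not in STATIC_POPS:
            raise NotImplementedError(f"unknown signature for #{operand}")
        del stack[len(stack) - STATIC_POPS[operand]:]
    elif name == "anewarray":
        stack[-1] = f"[L{CLASSES[operand]};"   # count -> array reference
    elif name == "dup":
        stack.append(stack[-1])
    elif name == "dup_x1":
        stack.insert(-2, stack[-1])            # v2,v1 -> v1,v2,v1
    elif name == "swap":
        stack[-1], stack[-2] = stack[-2], stack[-1]
    elif name == "aastore":
        del stack[-3:]                         # arrayref, index, value
    elif name == "aaload":
        stack[-2:] = ["java/lang/Object"]      # arrayref, index -> element
    elif name == "checkcast":
        stack[-1] = CLASSES[operand]
    elif name == "pop":
        stack.pop()
    else:
        raise NotImplementedError(name)


def frame_at(target_bci, code=BYTECODE):
    """Return the type stack just before the instruction at target_bci."""
    stack = []
    for bci, name, operand in disassemble(code):
        if bci == target_bci:
            return stack
        step(stack, name, operand)
    raise ValueError(f"no instruction starts at bci {target_bci}")


def verify_call(bci=32, cp_index=0x8F):
    """Check the top operand of the static call; return the verifier's reason or None."""
    stack = frame_at(bci)
    top = len(stack) - 1
    expected = EXPECTED_TOP[cp_index]
    if stack[top] != expected:
        return (f"Type {stack[top]} (current frame, stack[{top}]) "
                f"is not assignable to '{expected}'")
    return None


if __name__ == "__main__":
    for bci, name, operand in disassemble(BYTECODE):
        print(f"{bci:3}: {name}" + ("" if operand is None else f" #{operand}"))
    print("stack @32:", frame_at(32))
    print(verify_call())
```

The replay shows the `aload 0` at bci 30 placing the still-uninitialized `this` on top of the stack, which is the operand the verifier rejects at the `invokestatic` that follows.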

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug Bug report and fix comp: asm iast Application Security Management (IAST) labels Mar 13, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 6923877 to e5bb8b6 Compare March 13, 2025 10:55
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review March 13, 2025 10:57
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested review from a team as code owners March 13, 2025 10:57
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from e5bb8b6 to ee718ed Compare March 13, 2025 10:57
@pr-commenter

pr-commenter bot commented Mar 13, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-fix-before-ctor-callsites
git_commit_date 1742206348 1742209689
git_commit_sha 0bc5b2f 70c362c
release_version 1.48.0-SNAPSHOT~0bc5b2f9a1 1.48.0-SNAPSHOT~70c362cff4
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1742212169 1742212169
ci_job_id 850376071 850376071
ci_pipeline_id 59010422 59010422
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-hvxyazeg-project-304-concurrent-0-s54tzwxu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-hvxyazeg-project-304-concurrent-0-s54tzwxu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 4 unstable metrics.

Startup time reports for petclinic
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.04 s -
Agent appsec 1.184 s 144.228 ms (13.9%)
Agent iast 1.178 s 137.765 ms (13.2%)
Agent profiling 1.258 s 217.954 ms (21.0%)
Total tracing 10.413 s -
Total appsec 10.764 s 350.55 ms (3.4%)
Total iast 11.041 s 627.485 ms (6.0%)
Total profiling 10.841 s 427.661 ms (4.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.056 s -
Agent appsec 1.183 s 126.665 ms (12.0%)
Agent iast 1.172 s 116.165 ms (11.0%)
Agent profiling 1.264 s 207.347 ms (19.6%)
Total tracing 10.481 s -
Total appsec 10.744 s 262.798 ms (2.5%)
Total iast 10.976 s 494.566 ms (4.7%)
Total profiling 10.849 s 368.027 ms (3.5%)
Startup time reports for insecure-bank
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.04 s -
Agent iast 1.172 s 131.975 ms (12.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.171 s 130.447 ms (12.5%)
Agent iast_TELEMETRY_OFF 1.165 s 124.543 ms (12.0%)
Total tracing 8.662 s -
Total iast 9.247 s 585.34 ms (6.8%)
Total iast_HARDCODED_SECRET_DISABLED 9.248 s 585.872 ms (6.8%)
Total iast_TELEMETRY_OFF 9.243 s 581.659 ms (6.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.043 s -
Agent iast 1.175 s 132.332 ms (12.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.174 s 130.784 ms (12.5%)
Agent iast_TELEMETRY_OFF 1.171 s 128.16 ms (12.3%)
Total tracing 8.681 s -
Total iast 9.246 s 565.352 ms (6.5%)
Total iast_HARDCODED_SECRET_DISABLED 9.211 s 530.779 ms (6.1%)
Total iast_TELEMETRY_OFF 9.242 s 561.767 ms (6.5%)

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-03-17T11:19:44 2025-03-17T11:27:26
git_branch master malvarez/iast-fix-before-ctor-callsites
git_commit_date 1742206348 1742209689
git_commit_sha 0bc5b2f 70c362c
release_version 1.48.0-SNAPSHOT~0bc5b2f9a1 1.48.0-SNAPSHOT~70c362cff4
start_time 2025-03-17T11:19:31 2025-03-17T11:27:12
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1742211242 1742211242
ci_job_id 850376072 850376072
ci_pipeline_id 59010422 59010422
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-hvxyazeg-project-304-concurrent-1-xvrlk127 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-hvxyazeg-project-304-concurrent-1-xvrlk127 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for insecure-bank
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 375.973 µs [356.332 µs, 395.615 µs] -
iast 506.209 µs [484.597 µs, 527.82 µs] 130.235 µs (34.6%)
iast_FULL 725.863 µs [704.027 µs, 747.7 µs] 349.89 µs (93.1%)
iast_GLOBAL 549.198 µs [527.538 µs, 570.857 µs] 173.224 µs (46.1%)
iast_HARDCODED_SECRET_DISABLED 505.3 µs [483.129 µs, 527.471 µs] 129.327 µs (34.4%)
iast_INACTIVE 457.977 µs [436.561 µs, 479.393 µs] 82.003 µs (21.8%)
iast_TELEMETRY_OFF 489.571 µs [467.28 µs, 511.862 µs] 113.597 µs (30.2%)
tracing 454.165 µs [433.159 µs, 475.171 µs] 78.192 µs (20.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 377.554 µs [357.945 µs, 397.163 µs] -
iast 514.8 µs [492.638 µs, 536.962 µs] 137.246 µs (36.4%)
iast_FULL 720.236 µs [698.16 µs, 742.312 µs] 342.682 µs (90.8%)
iast_GLOBAL 552.896 µs [531.304 µs, 574.488 µs] 175.342 µs (46.4%)
iast_HARDCODED_SECRET_DISABLED 507.609 µs [485.81 µs, 529.407 µs] 130.055 µs (34.4%)
iast_INACTIVE 459.036 µs [437.435 µs, 480.637 µs] 81.482 µs (21.6%)
iast_TELEMETRY_OFF 493.639 µs [471.686 µs, 515.592 µs] 116.085 µs (30.7%)
tracing 456.244 µs [434.206 µs, 478.282 µs] 78.69 µs (20.8%)
Request duration reports for petclinic
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.353 ms [1.334 ms, 1.373 ms] -
appsec 1.713 ms [1.689 ms, 1.737 ms] 360.087 µs (26.6%)
appsec_no_iast 1.752 ms [1.729 ms, 1.776 ms] 399.342 µs (29.5%)
code_origins 1.677 ms [1.65 ms, 1.705 ms] 324.231 µs (24.0%)
iast 1.506 ms [1.482 ms, 1.531 ms] 153.337 µs (11.3%)
profiling 1.528 ms [1.502 ms, 1.554 ms] 174.806 µs (12.9%)
tracing 1.469 ms [1.444 ms, 1.494 ms] 115.595 µs (8.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.355 ms [1.336 ms, 1.374 ms] -
appsec 1.72 ms [1.697 ms, 1.744 ms] 365.338 µs (27.0%)
appsec_no_iast 1.741 ms [1.717 ms, 1.765 ms] 385.753 µs (28.5%)
code_origins 1.677 ms [1.649 ms, 1.704 ms] 321.738 µs (23.7%)
iast 1.511 ms [1.486 ms, 1.536 ms] 155.718 µs (11.5%)
profiling 1.482 ms [1.459 ms, 1.506 ms] 127.503 µs (9.4%)
tracing 1.51 ms [1.484 ms, 1.535 ms] 154.643 µs (11.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-fix-before-ctor-callsites
git_commit_date 1742206348 1742209689
git_commit_sha 0bc5b2f 70c362c
release_version 1.48.0-SNAPSHOT~0bc5b2f9a1 1.48.0-SNAPSHOT~70c362cff4
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1742211728 1742211728
ci_job_id 850376073 850376073
ci_pipeline_id 59010422 59010422
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-hvxyazeg-project-304-concurrent-2-gynyd2x2 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-hvxyazeg-project-304-concurrent-2-gynyd2x2 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.702 s [14.702 s, 14.702 s] -
appsec 15.107 s [15.107 s, 15.107 s] 405.0 ms (2.8%)
iast 18.806 s [18.806 s, 18.806 s] 4.104 s (27.9%)
iast_GLOBAL 18.152 s [18.152 s, 18.152 s] 3.45 s (23.5%)
profiling 15.053 s [15.053 s, 15.053 s] 351.0 ms (2.4%)
tracing 15.18 s [15.18 s, 15.18 s] 478.0 ms (3.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.805 s [14.805 s, 14.805 s] -
appsec 15.188 s [15.188 s, 15.188 s] 383.0 ms (2.6%)
iast 18.711 s [18.711 s, 18.711 s] 3.906 s (26.4%)
iast_GLOBAL 17.899 s [17.899 s, 17.899 s] 3.094 s (20.9%)
profiling 14.918 s [14.918 s, 14.918 s] 113.0 ms (0.8%)
tracing 14.783 s [14.783 s, 14.783 s] -22.0 ms (-0.1%)
Execution time for tomcat
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.462 ms, 1.485 ms] -
appsec 2.356 ms [2.311 ms, 2.4 ms] 881.866 µs (59.8%)
iast 2.132 ms [2.076 ms, 2.188 ms] 657.896 µs (44.6%)
iast_GLOBAL 2.166 ms [2.11 ms, 2.222 ms] 691.904 µs (46.9%)
profiling 2.451 ms [2.271 ms, 2.63 ms] 976.659 µs (66.3%)
tracing 1.948 ms [1.905 ms, 1.99 ms] 473.739 µs (32.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.461 ms, 1.484 ms] -
appsec 2.332 ms [2.288 ms, 2.375 ms] 859.896 µs (58.4%)
iast 2.124 ms [2.068 ms, 2.181 ms] 652.232 µs (44.3%)
iast_GLOBAL 2.161 ms [2.105 ms, 2.217 ms] 689.261 µs (46.8%)
profiling 1.999 ms [1.954 ms, 2.045 ms] 527.144 µs (35.8%)
tracing 1.959 ms [1.916 ms, 2.001 ms] 486.501 µs (33.0%)
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from ee718ed to 5787711 Compare March 13, 2025 12:50
Contributor

@amarziali amarziali left a comment

Thanks for the fix! There are system tests failing but I'm not sure it's related to this

@manuel-alvarez-alvarez
Member Author

> Thanks for the fix! There are system tests failing but I'm not sure it's related to this

Yep, they are failing because of this PR, but the reason is that the tests are not very good, I'm fixing them.

Contributor

@mcculls mcculls left a comment

Thanks!

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 5787711 to 3710146 Compare March 14, 2025 11:30
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner March 14, 2025 11:30
@manuel-alvarez-alvarez manuel-alvarez-alvarez changed the title Prevent before callsites targeting constructors Prevent before callsites targeting constructors in super calls Mar 14, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 3710146 to d68298f Compare March 14, 2025 11:42
@manuel-alvarez-alvarez
Member Author

manuel-alvarez-alvarez commented Mar 14, 2025

Dear all,

After some discussion we have agreed to only disable the before advice in calls to super in constructors. We cannot migrate the callsites to after advices due to RASP requiring to be executed before in order to protect the application from an attack.

Further work needs to be done in APPSEC-57009

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from d68298f to f06dbea Compare March 14, 2025 11:55
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from f06dbea to d3c4fc1 Compare March 17, 2025 09:36
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from d3c4fc1 to 98981cf Compare March 17, 2025 11:03
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 98981cf to 70c362c Compare March 17, 2025 11:08
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit eb4c52e into master Mar 17, 2025
271 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-fix-before-ctor-callsites branch March 17, 2025 12:46
@github-actions github-actions bot added this to the 1.48.0 milestone Mar 17, 2025
mtoffl01 pushed a commit that referenced this pull request Mar 24, 2025
Prevent before callsites targeting calls to super in constructors
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Apr 11, 2025
([#&#8203;8535](DataDog/dd-trace-java#8535) - [@&#8203;mhlidd](https://github.com/mhlidd)) #### Tracer core - 🐛 Ensure shaded helpers have unique names ([#&#8203;8559](DataDog/dd-trace-java#8559) - [@&#8203;amarziali](https://github.com/amarziali)) - ✨ Support common config sources for user-provided git info ([#&#8203;8547](DataDog/dd-trace-java#8547) - [@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Make the default config sources more robust when a security manager is installed ([#&#8203;8544](DataDog/dd-trace-java#8544) - [@&#8203;mcculls](https://github.com/mcculls)) - ✨ Support targeting services with configurations in stable configuration file ([#&#8203;8526](DataDog/dd-trace-java#8526) - [@&#8203;mtoffl01](https://github.com/mtoffl01)) - ✨ Add new parser for `DD_TAGS` and prioritizing `DD_SERVICE` ([#&#8203;8296](DataDog/dd-trace-java#8296) - [@&#8203;mhlidd](https://github.com/mhlidd)) #### Tracer internal logging - 🐛 Add missing debug log for the cloudPayloadTaggingServices config ([#&#8203;8600](DataDog/dd-trace-java#8600) - [@&#8203;ygree](https://github.com/ygree)) - ✨ Add the possibility to output the logs of the Java tracer in JSON ([#&#8203;8083](DataDog/dd-trace-java#8083) - [@&#8203;cecile75](https://github.com/cecile75)) #### Tracer public API - ✨ Introducing `DD_TRACE_EXPERIMENTAL_FEATURES_ENABLED` Config ([#&#8203;8536](DataDog/dd-trace-java#8536) - [@&#8203;mhlidd](https://github.com/mhlidd)) - ✨ Config Consistency Round 2 ([#&#8203;8489](DataDog/dd-trace-java#8489) - [@&#8203;mhlidd](https://github.com/mhlidd)) ### Instrumentations #### - 🐛 Fix NPE in getMdcCopy of LoggingEventInstrumentation ([#&#8203;8599](DataDog/dd-trace-java#8599) - [@&#8203;ygree](https://github.com/ygree)) #### Apache Spark instrumentation - ✨ Instrument Runtime.exit() to finish spark application spans ([#&#8203;8572](DataDog/dd-trace-java#8572) - [@&#8203;paul-laffon-dd](https://github.com/paul-laffon-dd)) - ✨ Configure OpenLineage 
if present in Spark instrumentation ([#&#8203;8541](DataDog/dd-trace-java#8541) - [@&#8203;mobuchowski](https://github.com/mobuchowski)) #### Armeria Instrumentation - ✨ Support armeria grpc 1.32.3 ([#&#8203;8606](DataDog/dd-trace-java#8606) - [@&#8203;github-actions](https://github.com/github-actions)\[bot]) #### AWS DynamoDB Instrumentation - ✨ Create DynamoDB instrumentation + add span pointers for `updateItem` and `deleteItem` ([#&#8203;8490](DataDog/dd-trace-java#8490) - [@&#8203;nhulston](https://github.com/nhulston)) #### AWS SDK instrumentation - ✨ Add DynamoDB in DEFAULT_TRACE_CLOUD_PAYLOAD_TAGGING_SERVICES ([#&#8203;8595](DataDog/dd-trace-java#8595) - [@&#8203;joeyzhao2018](https://github.com/joeyzhao2018)) #### Azure Functions instrumentation - ✨ Enable tracer computed trace metrics by default for Azure Functions ([#&#8203;8518](DataDog/dd-trace-java#8518) - [@&#8203;duncanpharvey](https://github.com/duncanpharvey)) - 💡 Add azure-functions instrumentation ([#&#8203;8432](DataDog/dd-trace-java#8432) - [@&#8203;duncanpharvey](https://github.com/duncanpharvey)) #### Core Java language instrumentation - 🐛 Fix ForkJoinPool.execute() instrumentation on Java 21+ ([#&#8203;8560](DataDog/dd-trace-java#8560) - [@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)) #### Eclipse Vert.x instrumentation - ✨ Add vertx postgresql client instrumentation ([#&#8203;8471](DataDog/dd-trace-java#8471) - [@&#8203;vandonr](https://github.com/vandonr) - thanks for the contribution!) 
#### Kafka instrumentation - ✨ Support and test kafka-clients 4 ([#&#8203;8581](DataDog/dd-trace-java#8581) - [@&#8203;amarziali](https://github.com/amarziali)) #### Kotlin instrumentation - ✨ Avoid disconnected traces when using Kotlin flowOn ([#&#8203;8651](DataDog/dd-trace-java#8651) - [@&#8203;mcculls](https://github.com/mcculls)) #### OpenTelemetry instrumentation - 🧹 Migrate OtelContext wrapper to new internal Context API ([#&#8203;8645](DataDog/dd-trace-java#8645) - [@&#8203;mcculls](https://github.com/mcculls)) #### Spring instrumentation - 🐛 Support CompletableFuture on spring webmvc controllers ([#&#8203;8659](DataDog/dd-trace-java#8659) - [@&#8203;amarziali](https://github.com/amarziali)) - ✨ Add support for endpoint discovery in spring mvc ([#&#8203;8352](DataDog/dd-trace-java#8352) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### WebSocket Instrumentation - ✨ Instrument Jetty websocket pojo ([#&#8203;8562](DataDog/dd-trace-java#8562) - [@&#8203;amarziali](https://github.com/amarziali)) - 💡 Instrument Java Websocket API (JSR356) ([#&#8203;8440](DataDog/dd-trace-java#8440) - [@&#8203;amarziali](https://github.com/amarziali)) #### All other instrumentations - ✨ Introduce cache for peer.hostname lookup ([#&#8203;8601](DataDog/dd-trace-java#8601) - [@&#8203;mcculls](https://github.com/mcculls)) - ✨ Support pekko http 1.1 ([#&#8203;8532](DataDog/dd-trace-java#8532) - [@&#8203;amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. 
--- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 331314f71acaced3adc75ea5d7e855c248d593fc
Labels

comp: asm iast Application Security Management (IAST) type: bug Bug report and fix

5 participants