Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASM][IAST] Hardcoded secrets #4666

Merged
merged 12 commits into from
Nov 8, 2023
Merged

[ASM][IAST] Hardcoded secrets #4666

merged 12 commits into from
Nov 8, 2023

Conversation

daniel-romano-DD
Copy link
Contributor

Summary of changes

Added the detection of hardcoded secrets vulnerability in the source code.

Reason for change

Details in this RFC

Implementation details

Retrieve all the strings loaded by LDSTR instructions in native. A thread in managed polls for these strings and checks them against a set of Regexes to look for secrets

Test coverage

Added integration and unit tests

Other details

Used a custom tool to semi automatically import the regexes in gitleaks

@daniel-romano-DD daniel-romano-DD changed the title [ASM0 Hardcoded secrets [ASM] Hardcoded secrets Sep 28, 2023
@andrewlock
Copy link
Member

andrewlock commented Sep 28, 2023
edited
Loading

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program. And are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (72ms)  : 64, 80
     .   : milestone, 72,
    master - mean (70ms)  : 63, 78
     .   : milestone, 70,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (1,000ms)  : 983, 1018
     .   : milestone, 1000,
    master - mean (998ms)  : 981, 1015
     .   : milestone, 998,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (106ms)  : 102, 109
     .   : milestone, 106,
    master - mean (106ms)  : 103, 108
     .   : milestone, 106,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (689ms)  : 668, 710
     .   : milestone, 689,
    master - mean (684ms)  : 664, 705
     .   : milestone, 684,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (89ms)  : 86, 93
     .   : milestone, 89,
    master - mean (90ms)  : 87, 92
     .   : milestone, 90,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (663ms)  : 638, 688
     .   : milestone, 663,
    master - mean (660ms)  : 636, 683
     .   : milestone, 660,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (188ms)  : 185, 190
     .   : milestone, 188,
    master - mean (187ms)  : 185, 190
     .   : milestone, 187,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (1,100ms)  : 1079, 1121
     .   : milestone, 1100,
    master - mean (1,096ms)  : 1078, 1114
     .   : milestone, 1096,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (271ms)  : 267, 276
     .   : milestone, 271,
    master - mean (272ms)  : 267, 277
     .   : milestone, 272,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (1,045ms)  : 1022, 1067
     .   : milestone, 1045,
    master - mean (1,050ms)  : 1034, 1066
     .   : milestone, 1050,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (4666) - mean (263ms)  : 260, 266
     .   : milestone, 263,
    master - mean (263ms)  : 259, 266
     .   : milestone, 263,

    section CallTarget+Inlining+NGEN
    This PR (4666) - mean (1,018ms)  : 997, 1039
     .   : milestone, 1018,
    master - mean (1,027ms)  : 1001, 1053
     .   : milestone, 1027,
Loading

@andrewlock
Copy link
Member

andrewlock commented Sep 28, 2023
edited
Loading

Benchmarks Report 🐌

Benchmarks for #4666 compared to master:

  • 2 benchmarks are faster, with geometric mean 1.322
  • 5 benchmarks are slower, with geometric mean 1.184
  • 1 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 8.16μs 45.5ns 309ns 0.0323 0.0121 0 7.29 KB
master StartStopWithChild netcoreapp3.1 10.1μs 56.6ns 367ns 0.0286 0.0143 0.00477 7.38 KB
master StartStopWithChild net472 15.6μs 47.7ns 185ns 1.26 0.295 0.0832 7.66 KB
#4666 StartStopWithChild net6.0 8.14μs 44.1ns 250ns 0.0326 0.0163 0 7.29 KB
#4666 StartStopWithChild netcoreapp3.1 10.1μs 55.1ns 326ns 0.0299 0.015 0 7.39 KB
#4666 StartStopWithChild net472 15.8μs 57.5ns 223ns 1.27 0.309 0.0849 7.66 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 487μs 77.2ns 278ns 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 636μs 114ns 412ns 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 804μs 262ns 979ns 0.401 0 0 3.3 KB
#4666 WriteAndFlushEnrichedTraces net6.0 468μs 155ns 581ns 0 0 0 2.7 KB
#4666 WriteAndFlushEnrichedTraces netcoreapp3.1 629μs 212ns 794ns 0 0 0 2.7 KB
#4666 WriteAndFlushEnrichedTraces net472 800μs 280ns 1.09μs 0.398 0 0 3.3 KB
Benchmarks.Trace.Asm.AppSecBodyBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #4666

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorSimpleBody‑net6.0 1.370 175.86 128.37

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 42.5μs 37.6ns 146ns 0.0212 0 0 2.03 KB
master AllCycleSimpleBody netcoreapp3.1 44.4μs 47.4ns 237ns 0.0222 0 0 2.01 KB
master AllCycleSimpleBody net472 46.9μs 19.4ns 75.1ns 0.328 0 0 2.08 KB
master AllCycleMoreComplexBody net6.0 229μs 98ns 380ns 0 0 0 8.63 KB
master AllCycleMoreComplexBody netcoreapp3.1 235μs 212ns 793ns 0.117 0 0 8.52 KB
master AllCycleMoreComplexBody net472 240μs 132ns 511ns 1.32 0 0 8.7 KB
master ObjectExtractorSimpleBody net6.0 176ns 0.067ns 0.251ns 0.00395 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 179ns 0.187ns 0.726ns 0.00378 0 0 272 B
master ObjectExtractorSimpleBody net472 148ns 0.123ns 0.477ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.01μs 1.82ns 6.81ns 0.0541 0 0 3.88 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 4.21μs 1.61ns 6.23ns 0.0509 0 0 3.78 KB
master ObjectExtractorMoreComplexBody net472 4.17μs 2.92ns 11.3ns 0.617 0.00625 0 3.89 KB
#4666 AllCycleSimpleBody net6.0 44μs 61.1ns 229ns 0.0221 0 0 2.03 KB
#4666 AllCycleSimpleBody netcoreapp3.1 45.8μs 108ns 406ns 0.0228 0 0 2.01 KB
#4666 AllCycleSimpleBody net472 46.8μs 83.8ns 325ns 0.321 0 0 2.08 KB
#4666 AllCycleMoreComplexBody net6.0 228μs 86.8ns 336ns 0.114 0 0 8.63 KB
#4666 AllCycleMoreComplexBody netcoreapp3.1 235μs 156ns 583ns 0.118 0 0 8.52 KB
#4666 AllCycleMoreComplexBody net472 240μs 87.7ns 340ns 1.31 0 0 8.7 KB
#4666 ObjectExtractorSimpleBody net6.0 128ns 0.0905ns 0.339ns 0.00397 0 0 280 B
#4666 ObjectExtractorSimpleBody netcoreapp3.1 171ns 0.131ns 0.508ns 0.00372 0 0 272 B
#4666 ObjectExtractorSimpleBody net472 145ns 0.133ns 0.514ns 0.0446 0 0 281 B
#4666 ObjectExtractorMoreComplexBody net6.0 3.01μs 1.53ns 5.71ns 0.0544 0 0 3.88 KB
#4666 ObjectExtractorMoreComplexBody netcoreapp3.1 4.4μs 2.68ns 10.4ns 0.0505 0 0 3.78 KB
#4666 ObjectExtractorMoreComplexBody net472 4.2μs 2.66ns 9.95ns 0.618 0.00626 0 3.89 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWaf(args=NestedMap (10)) net6.0 12.6μs 2.82ns 9.76ns 0.132 0 0 9.42 KB
master RunWaf(args=NestedMap (10)) netcoreapp3.1 19.4μs 5.66ns 21.2ns 0.126 0 0 9.42 KB
master RunWaf(args=NestedMap (10)) net472 28.1μs 4.49ns 16.2ns 1.5 0 0 9.48 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) net6.0 77.1μs 28.2ns 106ns 0.193 0 0 15.77 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) netcoreapp3.1 85.1μs 94.4ns 366ns 0.216 0 0 15.72 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) net472 98.5μs 178ns 691ns 2.52 0 0 16.04 KB
master RunWaf(args=NestedMap (100)) net6.0 23.9μs 8.25ns 31.9ns 0.274 0 0 19.66 KB
master RunWaf(args=NestedMap (100)) netcoreapp3.1 37.7μs 12.6ns 47ns 0.264 0 0 20.42 KB
master RunWaf(args=NestedMap (100)) net472 54.8μs 22ns 85.3ns 3.26 0.0274 0 20.63 KB
master RunWafWithAttack(args=Neste(...)tack) [23]) net6.0 90.9μs 41.7ns 161ns 0.363 0 0 26.01 KB
master RunWafWithAttack(args=Neste(...)tack) [23]) netcoreapp3.1 109μs 83.6ns 324ns 0.331 0 0 26.72 KB
master RunWafWithAttack(args=Neste(...)tack) [23]) net472 133μs 81.4ns 315ns 4.27 0.0667 0 27.19 KB
master RunWaf(args=NestedMap (20)) net6.0 23.6μs 7.29ns 28.2ns 0.272 0 0 19.4 KB
master RunWaf(args=NestedMap (20)) netcoreapp3.1 37.3μs 14.8ns 57.4ns 0.261 0 0 19.84 KB
master RunWaf(args=NestedMap (20)) net472 53.6μs 24.2ns 93.9ns 3.18 0.0534 0 20.04 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) net6.0 92.4μs 99ns 384ns 0.369 0 0 25.74 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) netcoreapp3.1 108μs 96.4ns 334ns 0.325 0 0 26.14 KB
master RunWafWithAttack(args=Neste(...)tack) [22]) net472 130μs 74.8ns 280ns 4.16 0.065 0 26.6 KB
#4666 RunWaf(args=NestedMap (10)) net6.0 12.6μs 3.47ns 13ns 0.131 0 0 9.42 KB
#4666 RunWaf(args=NestedMap (10)) netcoreapp3.1 19.6μs 7.43ns 26.8ns 0.127 0 0 9.42 KB
#4666 RunWaf(args=NestedMap (10)) net472 28.7μs 12.1ns 46.7ns 1.5 0 0 9.48 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) net6.0 77.5μs 31.6ns 118ns 0.231 0 0 15.77 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) netcoreapp3.1 85.7μs 83.4ns 301ns 0.213 0 0 15.72 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) net472 99.7μs 60.4ns 234ns 2.52 0 0 16.04 KB
#4666 RunWaf(args=NestedMap (100)) net6.0 23.9μs 8.67ns 32.5ns 0.276 0 0 19.66 KB
#4666 RunWaf(args=NestedMap (100)) netcoreapp3.1 38.2μs 18.3ns 71ns 0.287 0 0 20.42 KB
#4666 RunWaf(args=NestedMap (100)) net472 54.6μs 16.2ns 62.8ns 3.27 0.0545 0 20.63 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [23]) net6.0 92.5μs 114ns 442ns 0.371 0 0 26.01 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [23]) netcoreapp3.1 111μs 557ns 2.49μs 0.325 0 0 26.72 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [23]) net472 130μs 89.9ns 348ns 4.3 0.0651 0 27.19 KB
#4666 RunWaf(args=NestedMap (20)) net6.0 24μs 7.36ns 27.5ns 0.274 0 0 19.4 KB
#4666 RunWaf(args=NestedMap (20)) netcoreapp3.1 37.7μs 7.01ns 25.3ns 0.264 0 0 19.84 KB
#4666 RunWaf(args=NestedMap (20)) net472 54μs 12.7ns 47.4ns 3.18 0.0544 0 20.04 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) net6.0 92.4μs 150ns 581ns 0.366 0 0 25.74 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) netcoreapp3.1 111μs 246ns 953ns 0.328 0 0 26.14 KB
#4666 RunWafWithAttack(args=Neste(...)tack) [22]) net472 128μs 69.2ns 259ns 4.22 0.0639 0 26.6 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 170μs 194ns 752ns 0.254 0 0 18.04 KB
master SendRequest netcoreapp3.1 191μs 307ns 1.19μs 0.19 0 0 20.2 KB
master SendRequest net472 0.000313ns 0.000174ns 0.000652ns 0 0 0 0 b
#4666 SendRequest net6.0 171μs 155ns 599ns 0.171 0 0 18.04 KB
#4666 SendRequest netcoreapp3.1 192μs 198ns 765ns 0.19 0 0 20.2 KB
#4666 SendRequest net472 0.000361ns 0.000147ns 0.00057ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #4666

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces‑net6.0 41.57 KB 41.83 KB 262 B 0.63%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 542μs 435ns 1.57μs 0.558 0 0 41.57 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 652μs 1.08μs 4.2μs 0.327 0 0 41.65 KB
master WriteAndFlushEnrichedTraces net472 863μs 4.22μs 17.4μs 8.08 2.55 0.425 53.26 KB
#4666 WriteAndFlushEnrichedTraces net6.0 563μs 1.06μs 4.09μs 0.553 0 0 41.83 KB
#4666 WriteAndFlushEnrichedTraces netcoreapp3.1 658μs 320ns 1.24μs 0.327 0 0 41.79 KB
#4666 WriteAndFlushEnrichedTraces net472 857μs 3.98μs 15.4μs 8.45 2.53 0.422 53.26 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.06μs 0.61ns 2.36ns 0.0107 0 0 768 B
master ExecuteNonQuery netcoreapp3.1 1.36μs 0.496ns 1.92ns 0.0102 0 0 768 B
master ExecuteNonQuery net472 1.67μs 1.06ns 4.11ns 0.115 0 0 730 B
#4666 ExecuteNonQuery net6.0 1μs 1.11ns 3.98ns 0.0105 0 0 768 B
#4666 ExecuteNonQuery netcoreapp3.1 1.26μs 0.651ns 2.52ns 0.0101 0 0 768 B
#4666 ExecuteNonQuery net472 1.66μs 0.743ns 2.68ns 0.115 0 0 730 B
Benchmarks.Trace.ElasticsearchBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.11μs 0.345ns 1.34ns 0.013 0 0 936 B
master CallElasticsearch netcoreapp3.1 1.4μs 0.524ns 2.03ns 0.0127 0 0 936 B
master CallElasticsearch net472 2.38μs 0.734ns 2.84ns 0.151 0 0 955 B
master CallElasticsearchAsync net6.0 1.2μs 0.519ns 1.94ns 0.0125 0 0 912 B
master CallElasticsearchAsync netcoreapp3.1 1.47μs 0.719ns 2.69ns 0.0132 0 0 984 B
master CallElasticsearchAsync net472 2.49μs 0.503ns 1.81ns 0.16 0 0 1.01 KB
#4666 CallElasticsearch net6.0 1.07μs 0.69ns 2.67ns 0.0131 0 0 936 B
#4666 CallElasticsearch netcoreapp3.1 1.36μs 1.67ns 6.26ns 0.0129 0 0 936 B
#4666 CallElasticsearch net472 2.27μs 1.22ns 4.73ns 0.152 0.00116 0 955 B
#4666 CallElasticsearchAsync net6.0 1.3μs 0.435ns 1.57ns 0.0129 0 0 912 B
#4666 CallElasticsearchAsync netcoreapp3.1 1.41μs 0.484ns 1.87ns 0.0133 0 0 984 B
#4666 CallElasticsearchAsync net472 2.43μs 1.14ns 4.41ns 0.16 0 0 1.01 KB
Benchmarks.Trace.GraphQLBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.13μs 0.671ns 2.51ns 0.0124 0 0 912 B
master ExecuteAsync netcoreapp3.1 1.34μs 0.624ns 2.34ns 0.0122 0 0 912 B
master ExecuteAsync net472 1.68μs 0.607ns 2.35ns 0.139 0.000837 0 875 B
#4666 ExecuteAsync net6.0 1.2μs 0.613ns 2.29ns 0.0128 0 0 912 B
#4666 ExecuteAsync netcoreapp3.1 1.46μs 0.522ns 1.95ns 0.0125 0 0 912 B
#4666 ExecuteAsync net472 1.63μs 0.478ns 1.85ns 0.139 0 0 875 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 3.83μs 1.69ns 6.56ns 0.0268 0 0 1.9 KB
master SendAsync netcoreapp3.1 4.53μs 14.1ns 54.5ns 0.033 0 0 2.43 KB
master SendAsync net472 7.06μs 3.61ns 14ns 0.475 0 0 2.99 KB
#4666 SendAsync net6.0 3.72μs 2.27ns 8.18ns 0.0264 0 0 1.9 KB
#4666 SendAsync netcoreapp3.1 4.53μs 2.22ns 8.31ns 0.0317 0 0 2.43 KB
#4666 SendAsync net472 7.07μs 2.23ns 8.34ns 0.473 0 0 2.99 KB
Benchmarks.Trace.ILoggerBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #4666

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.ILoggerBenchmark.EnrichedLog‑net6.0 1.219 1,289.48 1,571.63

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.29μs 0.87ns 3.26ns 0.0221 0 0 1.57 KB
master EnrichedLog netcoreapp3.1 1.94μs 0.811ns 3.03ns 0.0211 0 0 1.57 KB
master EnrichedLog net472 2.29μs 0.995ns 3.59ns 0.236 0 0 1.49 KB
#4666 EnrichedLog net6.0 1.56μs 4.18ns 16.2ns 0.0215 0 0 1.57 KB
#4666 EnrichedLog netcoreapp3.1 1.85μs 0.858ns 3.21ns 0.0211 0 0 1.57 KB
#4666 EnrichedLog net472 2.24μs 2.69ns 10.1ns 0.236 0 0 1.49 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 113μs 107ns 416ns 0.0563 0 0 4.21 KB
master EnrichedLog netcoreapp3.1 117μs 73ns 273ns 0 0 0 4.21 KB
master EnrichedLog net472 149μs 54.2ns 210ns 0.668 0.223 0 4.38 KB
#4666 EnrichedLog net6.0 114μs 118ns 458ns 0.0568 0 0 4.21 KB
#4666 EnrichedLog netcoreapp3.1 116μs 218ns 844ns 0.058 0 0 4.21 KB
#4666 EnrichedLog net472 149μs 131ns 491ns 0.662 0.221 0 4.38 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.95μs 0.811ns 3.14ns 0.0295 0 0 2.13 KB
master EnrichedLog netcoreapp3.1 3.71μs 1.05ns 4.05ns 0.028 0 0 2.13 KB
master EnrichedLog net472 4.63μs 1.27ns 4.58ns 0.307 0 0 1.93 KB
#4666 EnrichedLog net6.0 2.82μs 1.46ns 5.65ns 0.0286 0 0 2.13 KB
#4666 EnrichedLog netcoreapp3.1 3.91μs 7.6ns 29.4ns 0.0284 0 0 2.13 KB
#4666 EnrichedLog net472 4.44μs 1.1ns 4.27ns 0.306 0 0 1.93 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.32μs 0.875ns 3.39ns 0.0156 0 0 1.1 KB
master SendReceive netcoreapp3.1 1.63μs 0.965ns 3.74ns 0.0151 0 0 1.1 KB
master SendReceive net472 2μs 2.43ns 9.4ns 0.177 0 0 1.12 KB
#4666 SendReceive net6.0 1.31μs 1.14ns 4.12ns 0.0157 0 0 1.1 KB
#4666 SendReceive netcoreapp3.1 1.6μs 0.328ns 1.27ns 0.0151 0 0 1.1 KB
#4666 SendReceive net472 1.91μs 1.99ns 7.7ns 0.177 0.000951 0 1.12 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.6μs 1.94ns 7.5ns 0.0207 0 0 1.53 KB
master EnrichedLog netcoreapp3.1 3.44μs 1.32ns 4.95ns 0.0206 0 0 1.58 KB
master EnrichedLog net472 4.09μs 1.43ns 5.53ns 0.309 0 0 1.96 KB
#4666 EnrichedLog net6.0 2.57μs 0.69ns 2.67ns 0.0207 0 0 1.53 KB
#4666 EnrichedLog netcoreapp3.1 3.53μs 1.72ns 5.96ns 0.0212 0 0 1.58 KB
#4666 EnrichedLog net472 4μs 1.95ns 7.55ns 0.309 0 0 1.96 KB
Benchmarks.Trace.SpanBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #4666

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishScope‑net6.0 1.196 499.85 597.81
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑net6.0 1.196 387.55 463.42
Benchmarks.Trace.SpanBenchmark.StartFinishScope‑net472 1.152 849.86 978.81

Faster 🎉 in #4666

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑net472 1.275 744.28 583.67

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 388ns 0.0898ns 0.324ns 0.00756 0 0 536 B
master StartFinishSpan netcoreapp3.1 586ns 0.188ns 0.676ns 0.00715 0 0 536 B
master StartFinishSpan net472 744ns 0.162ns 0.627ns 0.0853 0 0 538 B
master StartFinishScope net6.0 500ns 0.207ns 0.776ns 0.00921 0 0 656 B
master StartFinishScope netcoreapp3.1 668ns 0.219ns 0.848ns 0.00901 0 0 656 B
master StartFinishScope net472 850ns 0.598ns 2.31ns 0.098 0 0 618 B
#4666 StartFinishSpan net6.0 463ns 0.555ns 2.15ns 0.00747 0 0 536 B
#4666 StartFinishSpan netcoreapp3.1 591ns 1.5ns 5.82ns 0.00728 0 0 536 B
#4666 StartFinishSpan net472 584ns 0.199ns 0.717ns 0.0852 0 0 538 B
#4666 StartFinishScope net6.0 598ns 0.141ns 0.547ns 0.00901 0 0 656 B
#4666 StartFinishScope netcoreapp3.1 677ns 0.213ns 0.768ns 0.00889 0 0 656 B
#4666 StartFinishScope net472 980ns 0.547ns 2.12ns 0.0981 0 0 618 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #4666

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑netcoreapp3.1 1.160 709.33 823.14

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 591ns 0.193ns 0.746ns 0.00917 0 0 656 B
master RunOnMethodBegin netcoreapp3.1 710ns 0.308ns 1.07ns 0.0086 0 0 656 B
master RunOnMethodBegin net472 962ns 0.584ns 2.19ns 0.0978 0 0 618 B
#4666 RunOnMethodBegin net6.0 598ns 0.216ns 0.807ns 0.00933 0 0 656 B
#4666 RunOnMethodBegin netcoreapp3.1 823ns 0.699ns 2.61ns 0.00901 0 0 656 B
#4666 RunOnMethodBegin net472 1.06μs 0.447ns 1.73ns 0.098 0 0 618 B

@andrewlock
Copy link
Member

andrewlock commented Sep 28, 2023
edited
Loading

Throughput/Crank Report:zap:

Throughput results for AspNetCoreSimpleController comparing the following branches/commits:

Cases where throughput results for the PR are worse than latest master (5% drop or greater), results are shown in red.

Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards!

gantt
    title Throughput Linux x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (4666) (10.808M)   : 0, 10807628
    master (10.755M)   : 0, 10754788
    benchmarks/2.9.0 (10.933M)   : 0, 10932860

    section Automatic
    This PR (4666) (7.407M)   : 0, 7406773
    master (7.415M)   : 0, 7415171
    benchmarks/2.9.0 (7.883M)   : 0, 7883016

    section Trace stats
    This PR (4666) (7.775M)   : 0, 7774850
    master (7.760M)   : 0, 7760410

    section Manual
    This PR (4666) (9.483M)   : 0, 9482567
    master (9.559M)   : 0, 9558502

    section Manual + Automatic
    This PR (4666) (7.086M)   : 0, 7086224
    master (7.118M)   : 0, 7117876

    section Version Conflict
    This PR (4666) (6.600M)   : 0, 6600413
    master (6.496M)   : 0, 6495719
Loading 
gantt
    title Throughput Linux arm64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (4666) (9.500M)   : 0, 9500063
    master (9.563M)   : 0, 9563005
    benchmarks/2.9.0 (9.472M)   : 0, 9471899

    section Automatic
    This PR (4666) (6.596M)   : 0, 6596181
    master (6.698M)   : 0, 6698088

    section Trace stats
    This PR (4666) (6.845M)   : 0, 6844644
    master (6.782M)   : 0, 6782452

    section Manual
    This PR (4666) (8.388M)   : 0, 8388025
    master (8.536M)   : 0, 8535825

    section Manual + Automatic
    This PR (4666) (6.325M)   : 0, 6324989
    master (6.380M)   : 0, 6379858

    section Version Conflict
    This PR (4666) (5.824M)   : 0, 5823748
    master (5.796M)   : 0, 5795522
Loading 
gantt
    title Throughput Windows x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (4666) (9.655M)   : 0, 9654857
    master (9.500M)   : 0, 9499878
    benchmarks/2.9.0 (9.765M)   : 0, 9764899

    section Automatic
    This PR (4666) (6.675M)   : 0, 6675326
    master (6.854M)   : 0, 6853873
    benchmarks/2.9.0 (7.045M)   : 0, 7044982

    section Trace stats
    This PR (4666) (7.030M)   : 0, 7030345
    master (7.013M)   : 0, 7012882

    section Manual
    This PR (4666) (8.556M)   : 0, 8556201
    master (8.392M)   : 0, 8392109

    section Manual + Automatic
    This PR (4666) (6.502M)   : 0, 6501760
    master (6.444M)   : 0, 6444239

    section Version Conflict
    This PR (4666) (6.112M)   : 0, 6111812
    master (5.932M)   : 0, 5931769
Loading 
gantt
    title Throughput Linux x64 (ASM) (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (4666) (7.544M)   : 0, 7543834
    master (7.461M)   : 0, 7460646
    benchmarks/2.9.0 (7.895M)   : 0, 7895479

    section No attack
    This PR (4666) (2.150M)   : 0, 2150150
    master (2.175M)   : 0, 2174774
    benchmarks/2.9.0 (3.246M)   : 0, 3245611

    section Attack
    This PR (4666) (1.723M)   : 0, 1723171
    master (1.717M)   : 0, 1717094
    benchmarks/2.9.0 (2.553M)   : 0, 2553015

    section Blocking
    This PR (4666) (3.483M)   : 0, 3483315
    master (3.463M)   : 0, 3463471

    section IAST default
    This PR (4666) (6.700M)   : 0, 6699533
    master (6.873M)   : 0, 6872775

    section IAST full
    This PR (4666) (5.973M)   : 0, 5972979
    master (6.156M)   : 0, 6156178

    section Base vuln
    This PR (4666) (0.926M)   : crit ,0, 925951
    master (0.981M)   : 0, 981298

    section IAST vuln
    This PR (4666) (0.858M)   : crit ,0, 858061
    master (0.903M)   : 0, 903371
Loading

@datadog-ddstaging
Copy link

datadog-ddstaging bot commented Sep 28, 2023
edited
Loading

Datadog Report

Branch report: dani/asm/hardcoded_secrets_rebase
Commit report: a3ab3b5

dd-trace-dotnet: 86 Failed (4 Known Flaky), 0 New Flaky, 311446 Passed, 1409 Skipped, 48m 7.38s Wall Time

❌ Failed Tests (86)

This report shows up to 5 failed tests.

  • TracingDisabled_DoesNotSubmitsTraces - Datadog.Trace.ClrProfiler.IntegrationTests.HttpMessageHandlerTests - Details

    Expand for error 
     Expected varintegration=latestIntegrations {["HttpMessageHandler"] = IntegrationTelemetryData { Name = HttpMessageHandler, Enabled = False, AutoEnabled = True, Error =  }} to contain key "HttpSocketsHandler".
 Expected varintegration=latestIntegrations {["HttpMessageHandler"] = IntegrationTelemetryData { Name = HttpMessageHandler, Enabled = False, AutoEnabled = True, Error =  }} to contain key "WinHttpHandler".
 Expected varintegration=latestIntegrations {["HttpMessageHandler"] = IntegrationTelemetryData { Name = HttpMessageHandler, Enabled = False, AutoEnabled = True, Error =  }} to contain key "CurlHandler".

  • InstallAndUninstallMethodProbeWithOverloadsTest - Datadog.Trace.Debugger.IntegrationTests.ProbesTests - Details

    Expand for error 
     Log file was not found for path: /project/tracer/build_data/logs with file pattern dotnet-tracer-managed-dotnet*. Logs read so far:

  • InstallAndUninstallMethodProbeWithOverloadsTest - Datadog.Trace.Debugger.IntegrationTests.ProbesTests - Details

    Expand for error 
     Log file was not found for path: /project/tracer/build_data/logs with file pattern dotnet-tracer-managed-dotnet*. Logs read so far:

  • InstallAndUninstallMethodProbeWithOverloadsTest - Datadog.Trace.Debugger.IntegrationTests.ProbesTests - Details

    Expand for error 
     Log file was not found for path: /project/tracer/build_data/logs with file pattern dotnet-tracer-managed-dotnet*. Logs read so far:

  • InstallAndUninstallMethodProbeWithOverloadsTest - Datadog.Trace.Debugger.IntegrationTests.ProbesTests - Details

    Expand for error 
     Log file was not found for path: /project/tracer/build_data/logs with file pattern dotnet-tracer-managed-dotnet*. Logs read so far:

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch 3 times, most recently from c9488ea to 937c85d Compare October 2, 2023 13:27
@daniel-romano-DD daniel-romano-DD changed the title [ASM] Hardcoded secrets [ASM-IAST] Hardcoded secrets Oct 3, 2023
@daniel-romano-DD daniel-romano-DD changed the title [ASM-IAST] Hardcoded secrets [ASM][ASM-IAST] Hardcoded secrets Oct 3, 2023
@daniel-romano-DD daniel-romano-DD changed the title [ASM][ASM-IAST] Hardcoded secrets [ASM][IAST] Hardcoded secrets Oct 3, 2023
@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch 2 times, most recently from 0322a61 to fa07e8d Compare October 4, 2023 16:58
@datadog-ddstaging
Copy link

datadog-ddstaging bot commented Oct 5, 2023
edited
Loading

Datadog Report

Branch report: dani/asm/hardcoded_secrets_rebase
Commit report: 01baf12

❄️ dd-trace-dotnet: 0 Failed, 2 New Flaky, 312147 Passed, 1423 Skipped, 39m 20.51s Wall Time

New Flaky Tests (2)

  • CheckSpanContextAreAttachedForWalltimeProfiler - Datadog.Profiler.IntegrationTests.CodeHotspot.CodeHotspotTest - Last Failure

    Expand for error 
     Exit code of "Samples.BuggyBits.exe" should be 0 instead of -1073741819 (= 0xC0000005)
 Expected: True
 Actual:   False

  • TestIastNotWeakRequest - Datadog.Trace.Security.IntegrationTests.Iast.AspNetCore5IastTestsFullSamplingRedactionEnabled - Last Failure

    Expand for error 
     Results do not match.
 Differences:
 Received: Iast.NotWeak.AspNetCore5.IastEnabled.received.txt
 Verified: Iast.NotWeak.AspNetCore5.IastEnabled.verified.txt
 Received Content:
 [
   {
     TraceId: Id_1,
     SpanId: Id_2,
     Name: aspnet_core.request,
 ...

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch from eafb68a to c224462 Compare October 6, 2023 21:52
@daniel-romano-DD daniel-romano-DD marked this pull request as ready for review October 9, 2023 08:58
@daniel-romano-DD daniel-romano-DD requested review from a team as code owners October 9, 2023 08:58
@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch 3 times, most recently from 006970b to 3875c31 Compare October 10, 2023 09:27
gleocadie
gleocadie reviewed Oct 10, 2023
View reviewed changes
tracer/src/Datadog.Tracer.Native/iast/hardcoded_secrets_method_analyzer.cpp
Comment on lines +54 to +58
for (auto userString : userStrings)
{
_userStrings.push_back(userString);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid useless copies, wouldn't it make sense to use std::move instead ?

_userStrings = std::move(userString);

Copy link
Contributor Author

@daniel-romano-DD daniel-romano-DD Oct 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uhm, thinking about this better, I realized move would overwrite _userStrings, and it might not be empty. So, what I want to do is append the strings in userStrings to the member collection.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh sorry, I misread the code.
I read it again and here's my real/useful comment :)
call .reserve() on _userStrings to avoid temporary and useless allocation (if the vector has to be resized)
Something like:

_userStrings.reserver(userStrings.size());

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 67a5816

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch from 6b7c526 to 01baf12 Compare October 10, 2023 15:54
robertpi
robertpi reviewed Oct 11, 2023
View reviewed changes
tracer/src/Datadog.Trace/IAST/Analyzers/HardcodedSecretsAnalyzer.cs Outdated
Log.Debug("HardcodedSecretsAnalyzer polling thread -> Started");
while (_started)
{
var userStrings = new UserStringInterop[100];
Copy link
Member

@robertpi robertpi Oct 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: is it worth putting 100 in a constant, since it controls the size of the batch?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 67a5816

robertpi
robertpi reviewed Oct 11, 2023
View reviewed changes
tracer/src/Datadog.Trace/IAST/Analyzers/HardcodedSecretsAnalyzer.cs Outdated
}
}

if (userStringLen == userStrings.Length) { continue; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took me a while to figure out this is skipping the wait if the buffer is full. Could maybe create a local Boolean, so the condition has a name or add a comment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 67a5816

robertpi
robertpi reviewed Oct 11, 2023
View reviewed changes
tracer/test/Datadog.Trace.Security.Unit.Tests/IAST/HardcodedSecretsTests.cs
[InlineData("telegram-bot-api-token", @"75882058:A_ITu4mHleTkS[[DD_SECRET]]Ru5MLP7G_-sA1SN5jAxc5n")]
[InlineData("twilio-api-key", @"SKDEe788AD4BD64EB[[DD_SECRET]]e4F0963F9Fb1a69b5")]
[InlineData("vault-service-token", @"hvs.v4d44-7cibde8q_kax-mus29jn6lkv3kyjxe16pagnc[[DD_SECRET]]e7lddehl5u8tccgvqev4zk5sy45ugh-ghqyb9k3gdj9221v")]
[InlineData("vault-batch-token", @"hvb.vk-7wvp5c4qkkyexv2mypexfno1pmc28j3-7hevyb5-e6s7qemg-p9yqy6th5-s-cubtz[[DD_SECRET]]jprh0xwftl6tkl-82tlevinwn4cm-clro379140mclfvy0vztdmb1odab658vjfq-oetpcg94")]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great that there are so many test cases.

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch from f6d86f7 to 01a0220 Compare October 27, 2023 11:31
andrewlock
andrewlock approved these changes Nov 1, 2023
View reviewed changes
Copy link
Member

@andrewlock andrewlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't checked the native side, but the managed side looks good to me, just a couple of tiny questions/suggestions

tracer/src/Datadog.Trace/IAST/Analyzers/HardcodedSecretsAnalyzer.cs Outdated
Log.Debug("HardcodedSecretsAnalyzer -> Init");
LifetimeManager.Instance.AddShutdownTask(RunShutdown);
_started = true;
Task.Run(() => PoolingThread());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: is it worth adding a continuation here?
Also, we typically store the Task and return it as part of a DisposeAsync call. You may not want to do that here, I'm more wondering about the shutdown sequence and the implications if you try to submit evidence after the app is already shutting down 🤔

Suggested change
Task.Run(() => PoolingThread());
Task.Run(() => PoolingThread())
.ContinueWith(t => Log.Error(t.Exception, "Error in Hardcoded secret analyzer"), TaskContinuationOptions.OnlyOnFaulted);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I buy that ContinueWith. Fixing it

tracer/src/Datadog.Trace/IAST/Analyzers/HardcodedSecretsAnalyzer.cs Outdated
var userStrings = new UserStringInterop[UserStringsArraySize];
int userStringLen = NativeMethods.GetUserStrings(userStrings.Length, userStrings);
Log.Debug("HardcodedSecretsAnalyzer polling thread -> Retrieved {UserStringLen} strings", userStringLen.ToString());
if (userStringLen > 0 && Tracer.Instance.Settings.IsIntegrationEnabled(IntegrationId.HardcodedSecret))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I wonder if checking this here makes sense🤔 If the integration isn't enabled (initially) and subsequently is enabled, then you would potentially have already "missed" all the strings, no?

I would suggest moving this check before you call NativeMethods.GetUserStrings? That way, even if it's initially disabled and subsequently enabled, you still get the full analysis I think? 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f76aadb

tracer/src/Datadog.Trace/IAST/Analyzers/HardcodedSecretsAnalyzer.cs Outdated
Comment on lines 69 to 70
new Location(location!),
new Evidence(match!),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree match can't be null, but should we check location for null to be safe? We'll get a NullRef issue if it is null for some reason...

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch from 01a0220 to f76aadb Compare November 3, 2023 09:09
@datadog-ddstaging
Copy link

datadog-ddstaging bot commented Nov 3, 2023
edited
Loading

Datadog Report

Branch report: dani/asm/hardcoded_secrets_rebase
Commit report: 768089b

dd-trace-dotnet: 0 Failed, 0 New Flaky, 304961 Passed, 1399 Skipped, 54m 8.52s Wall Time

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch 3 times, most recently from a75b926 to 3f3c525 Compare November 6, 2023 15:58
gleocadie
gleocadie approved these changes Nov 6, 2023
View reviewed changes
Copy link
Collaborator

@gleocadie gleocadie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch 2 times, most recently from 40a30e5 to 42ff7be Compare November 7, 2023 17:01
GreenMatan
GreenMatan approved these changes Nov 7, 2023
View reviewed changes
Copy link
Contributor

@GreenMatan GreenMatan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None of the changes seem to be related to the Debugger product.
Approving.

daniel-romano-DD and others added 10 commits November 7, 2023 22:01
@daniel-romano-DD
Implementation and tests (no codegen files)
9b25d33 
Codegen files

Codegen files

Fix missing tests

Updated config test data
@daniel-romano-DD
Reduced polling time
0b024d7 
Added debug traces

Segregated test logs in different folders

Codegen rebase

Removed inherited member

Fixed log folder

Fixed log entry watcher path in probes tests

Fix deduplication empty logs
@daniel-romano-DD
Reworked linux tls implementation
c7bb79c
@daniel-romano-DD @andrewlock
Removed static CS instance causing segfaults on proc exit
5d0a552 
Fix build

Removed unneeded virtual clause

Minor fixes

Update tracer/test/Datadog.Trace.Security.IntegrationTests/IAST/Deduplication/DeduplicationTests.cs

Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>

Update tracer/src/Datadog.Trace/Iast/Location.cs

Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@daniel-romano-DD
Made evidence redaction regex timeout setting as generic Iast regex t…
38578f2 
…imeout

Several improvements

Compilation fix

Codegen files update

Reverted to framework regexes due to dynamic code generation errors

Updated config def file

Updated codegen files
@daniel-romano-DD
Minor optimizations
be0d2d3
@daniel-romano-DD
Update HardcodedSecretsAnalyzer.cs
fee08ef 
Fix compilation errors
@daniel-romano-DD
Fixed snapshots
6dd003b 
Added extra logs

Changed hash calculation

Fix some linux systems native string decoding

Reverted pointer to string change
@daniel-romano-DD
Added extra traces
ca05a2a 
Added new trace

Added nes traces
@daniel-romano-DD
Possible race condition fix
25b56e4 
Fix GetName race condition initialization

Removed unnecesary traces

Fixed linux compilation

Removed unused variable
@daniel-romano-DD daniel-romano-DD force-pushed the dani/asm/hardcoded_secrets_rebase branch from 6c6cc39 to 25b56e4 Compare November 7, 2023 21:01
@daniel-romano-DD daniel-romano-DD merged commit 4a838c5 into master Nov 8, 2023
@daniel-romano-DD daniel-romano-DD deleted the dani/asm/hardcoded_secrets_rebase branch November 8, 2023 13:43
@github-actions github-actions bot added this to the vNext milestone Nov 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertpi robertpi robertpi approved these changes

@GreenMatan GreenMatan GreenMatan approved these changes

@gleocadie gleocadie gleocadie approved these changes

@andrewlock andrewlock andrewlock approved these changes

@NachoEchevarria NachoEchevarria NachoEchevarria approved these changes

Assignees
No one assigned
Labels
area:asm area:asm-iast
Projects
None yet
Milestone
2.42.0
Development

Successfully merging this pull request may close these issues.
6 participants
@daniel-romano-DD @andrewlock @robertpi @GreenMatan @gleocadie @NachoEchevarria