[ASM][IAST] Insecure Auth Vulnerability #5148

Merged: 16 commits, Mar 4, 2024

@e-n-0 e-n-0 commented Feb 5, 2024

Summary of changes

Reason for change

Detection of Insecure Auth Protocol vulnerability.
https://datadoghq.atlassian.net/wiki/spaces/APS/pages/3435364353/Insecure+Auth+Protocol

Implementation details

  • Check if the Authorization header is in the request.
  • Check the authentication scheme: if the header value is a Basic or Digest scheme, we report an INSECURE_AUTH_PROTOCOL vulnerability.

The evidence reported is:
Authorization: Basic or Authorization: Digest
Evidence redaction is not needed.

Test coverage

Integration tests with different Authorization headers that are correct (with valid and valid-but-unusual formats) to check if the vulnerability is triggered.

@e-n-0 e-n-0 self-assigned this Feb 5, 2024
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/insecure_auth branch from 3601af3 to 6e20b4b Compare February 6, 2024 13:19
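
A sketch of the check described in the implementation details above, as an added example that is not the code from this pull request or from dd-trace-dotnet. The class and method names, the handling of several header values, and the sample headers are assumptions made for illustration; the case-insensitive scheme match follows RFC 9110.

```csharp
using System;
using System.Collections.Generic;

// Added illustration, not the tracer's InsecureAuthAnalyzer.
// InsecureAuthSketch and TryGetEvidence are hypothetical names.
public static class InsecureAuthSketch
{
    // Schemes the PR description reports as INSECURE_AUTH_PROTOCOL.
    private static readonly string[] InsecureSchemes = { "Basic", "Digest" };

    // The auth-scheme token ends at the first space or tab.
    private static readonly char[] SchemeTerminators = { ' ', '\t' };

    // Returns true when any Authorization header value uses Basic or Digest.
    // The evidence is only "Authorization: <scheme>": the credentials that
    // follow the scheme are never copied, so nothing needs redacting.
    public static bool TryGetEvidence(IEnumerable<string> headerValues, out string evidence)
    {
        evidence = null;
        if (headerValues == null)
        {
            return false;
        }

        foreach (string raw in headerValues)
        {
            if (string.IsNullOrWhiteSpace(raw))
            {
                continue;
            }

            // Tolerate leading whitespace, then isolate the whole scheme token
            // so that "Basically-x" is not mistaken for "Basic".
            string value = raw.TrimStart();
            int end = value.IndexOfAny(SchemeTerminators);
            string scheme = end < 0 ? value : value.Substring(0, end);

            foreach (string insecure in InsecureSchemes)
            {
                // RFC 9110: the auth-scheme is case-insensitive.
                if (string.Equals(scheme, insecure, StringComparison.OrdinalIgnoreCase))
                {
                    evidence = "Authorization: " + insecure;
                    return true;
                }
            }
        }

        return false;
    }

    public static void Main()
    {
        // Constructed sample header values (not taken from the PR's tests).
        string[] samples =
        {
            "Basic dXNlcjpwYXNz",
            "  digest username=\"app\", realm=\"example\", nonce=\"constructed\"",
            "BASIC\tdXNlcjpwYXNz",
            "Bearer constructed.token.value",
            "Basically-not-a-scheme x",
            ""
        };

        foreach (string sample in samples)
        {
            bool hit = TryGetEvidence(new[] { sample }, out string evidence);
            string result = hit ? evidence : "no finding";
            Console.WriteLine("[" + sample + "] -> " + result);
        }
    }
}
```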

datadog-ddstaging bot commented Feb 6, 2024

Datadog Report

Branch report: flavien/asm/iast/insecure_auth
Commit report: 2ce9f7b
Test service: dd-trace-dotnet

✅ 0 Failed, 343746 Passed, 1585 Skipped, 40m 57.27s Wall Time
❄️ 2 New Flaky

New Flaky Tests (2)

  • HotChocolateSchemaV0Tests.SubmitsTracesHttp - Datadog.Trace.ClrProfiler.IntegrationTests

  • SubmitsTraces - Datadog.Trace.ClrProfiler.IntegrationTests.GraphQL4SchemaV1Tests - Last Failure

     Results do not match.
     Differences:
     Received: GraphQL4Tests.SubmitsTraces.SchemaV1.received.txt
     Verified: GraphQL4Tests.SubmitsTraces.SchemaV1.verified.txt
     Received Content:
     [
       {
         TraceId: Id_1,
         SpanId: Id_2,
         Name: aspnet_core.request,
     ...
    

andrewlock commented Feb 6, 2024

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program, and are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (75ms)  : 65, 85
     .   : milestone, 75,
    master - mean (74ms)  : 66, 83
     .   : milestone, 74,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (992ms)  : 975, 1010
     .   : milestone, 992,
    master - mean (982ms)  : 960, 1003
     .   : milestone, 982,

gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (111ms)  : 108, 115
     .   : milestone, 111,
    master - mean (111ms)  : 108, 114
     .   : milestone, 111,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (719ms)  : 695, 743
     .   : milestone, 719,
    master - mean (719ms)  : 694, 744
     .   : milestone, 719,

gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (96ms)  : 93, 100
     .   : milestone, 96,
    master - mean (94ms)  : 91, 97
     .   : milestone, 94,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (677ms)  : 652, 702
     .   : milestone, 677,
    master - mean (663ms)  : 637, 690
     .   : milestone, 663,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (188ms)  : 182, 193
     .   : milestone, 188,
    master - mean (187ms)  : 183, 191
     .   : milestone, 187,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (1,057ms)  : 1030, 1084
     .   : milestone, 1057,
    master - mean (1,058ms)  : 1036, 1081
     .   : milestone, 1058,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (269ms)  : 262, 276
     .   : milestone, 269,
    master - mean (270ms)  : 265, 275
     .   : milestone, 270,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (867ms)  : 838, 895
     .   : milestone, 867,
    master - mean (869ms)  : 845, 893
     .   : milestone, 869,

gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5148) - mean (262ms)  : 254, 270
     .   : milestone, 262,
    master - mean (259ms)  : 254, 263
     .   : milestone, 259,

    section CallTarget+Inlining+NGEN
    This PR (5148) - mean (855ms)  : 829, 881
     .   : milestone, 855,
    master - mean (852ms)  : 827, 877
     .   : milestone, 852,


@e-n-0 e-n-0 marked this pull request as ready for review February 6, 2024 16:12
@e-n-0 e-n-0 requested review from a team as code owners February 6, 2024 16:12

andrewlock commented Feb 6, 2024

Throughput/Crank Report ⚡

Throughput results for AspNetCoreSimpleController comparing the following branches/commits:

Cases where throughput results for the PR are worse than latest master (5% drop or greater), results are shown in red.

Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards!

gantt
    title Throughput Linux x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5148) (10.860M)   : 0, 10859609
    master (10.893M)   : 0, 10892968
    benchmarks/2.9.0 (11.124M)   : 0, 11124125

    section Automatic
    This PR (5148) (7.477M)   : 0, 7477203
    master (7.522M)   : 0, 7521529
    benchmarks/2.9.0 (8.268M)   : 0, 8268275

    section Trace stats
    This PR (5148) (7.700M)   : 0, 7699916
    master (7.806M)   : 0, 7805686

    section Manual
    This PR (5148) (9.327M)   : 0, 9326826
    master (9.658M)   : 0, 9658144

    section Manual + Automatic
    This PR (5148) (6.980M)   : 0, 6979655
    master (7.098M)   : 0, 7098256

    section Version Conflict
    This PR (5148) (6.310M)   : 0, 6310121
    master (6.310M)   : 0, 6310095

gantt
    title Throughput Linux arm64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5148) (9.548M)   : 0, 9547591
    master (9.651M)   : 0, 9650727
    benchmarks/2.9.0 (9.557M)   : 0, 9556831

    section Automatic
    This PR (5148) (6.736M)   : 0, 6736240
    master (6.600M)   : 0, 6599809

    section Trace stats
    This PR (5148) (6.954M)   : 0, 6953627
    master (6.754M)   : 0, 6754454

    section Manual
    This PR (5148) (8.234M)   : 0, 8234196
    master (8.257M)   : 0, 8257074

    section Manual + Automatic
    This PR (5148) (6.186M)   : 0, 6185801
    master (6.172M)   : 0, 6172419

    section Version Conflict
    This PR (5148) (5.730M)   : 0, 5729626
    master (5.673M)   : 0, 5672633

gantt
    title Throughput Windows x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5148) (10.078M)   : 0, 10078301
    master (10.018M)   : 0, 10018234
    benchmarks/2.9.0 (9.910M)   : 0, 9909593

    section Automatic
    This PR (5148) (7.216M)   : 0, 7215890
    master (7.131M)   : 0, 7131143
    benchmarks/2.9.0 (7.464M)   : 0, 7464259

    section Trace stats
    This PR (5148) (7.597M)   : 0, 7596941
    master (7.336M)   : 0, 7335971

    section Manual
    This PR (5148) (8.975M)   : 0, 8975041
    master (8.746M)   : 0, 8746129

    section Manual + Automatic
    This PR (5148) (6.971M)   : 0, 6970609
    master (6.918M)   : 0, 6917981

    section Version Conflict
    This PR (5148) (6.286M)   : 0, 6286235
    master (6.154M)   : 0, 6153577

gantt
    title Throughput Linux x64 (ASM) (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5148) (7.446M)   : 0, 7446370
    master (7.380M)   : 0, 7379514
    benchmarks/2.9.0 (7.908M)   : 0, 7908237

    section No attack
    This PR (5148) (1.845M)   : 0, 1844511
    master (1.835M)   : 0, 1835314
    benchmarks/2.9.0 (3.212M)   : 0, 3211779

    section Attack
    This PR (5148) (1.459M)   : 0, 1459140
    master (1.445M)   : 0, 1445088
    benchmarks/2.9.0 (2.469M)   : 0, 2469017

    section Blocking
    This PR (5148) (3.189M)   : 0, 3189157
    master (3.116M)   : 0, 3115952

    section IAST default
    This PR (5148) (6.421M)   : 0, 6421433
    master (6.260M)   : 0, 6260201

    section IAST full
    This PR (5148) (5.648M)   : 0, 5647961
    master (5.569M)   : 0, 5568945

    section Base vuln
    This PR (5148) (0.911M)   : 0, 911324
    master (0.942M)   : 0, 942192

    section IAST vuln
    This PR (5148) (0.872M)   : 0, 872414
    master (0.877M)   : 0, 876502


andrewlock commented Feb 7, 2024

Benchmarks Report 🐌

Benchmarks for #5148 compared to master:

  • 3 benchmarks are faster, with geometric mean 1.147
  • 2 benchmarks are slower, with geometric mean 1.207
  • 2 benchmarks have fewer allocations
  • 2 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 8.83μs 47.6ns 265ns 0.022 0.00881 0 7.49 KB
master StartStopWithChild netcoreapp3.1 10.9μs 52.4ns 216ns 0.0223 0.0112 0 7.59 KB
master StartStopWithChild net472 16.8μs 43.2ns 168ns 1.34 0.363 0.11 7.96 KB
#5148 StartStopWithChild net6.0 8.56μs 47.8ns 298ns 0.0253 0.0127 0 7.49 KB
#5148 StartStopWithChild netcoreapp3.1 10.4μs 52.6ns 247ns 0.0269 0.0108 0 7.58 KB
#5148 StartStopWithChild net472 17.2μs 84.9ns 360ns 1.32 0.343 0.0942 7.97 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 448μs 315ns 1.22μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 612μs 255ns 989ns 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 822μs 559ns 2.16μs 0.411 0 0 3.3 KB
#5148 WriteAndFlushEnrichedTraces net6.0 455μs 511ns 1.98μs 0 0 0 2.7 KB
#5148 WriteAndFlushEnrichedTraces netcoreapp3.1 608μs 226ns 847ns 0 0 0 2.7 KB
#5148 WriteAndFlushEnrichedTraces net472 817μs 449ns 1.74μs 0.406 0 0 3.3 KB
Benchmarks.Trace.Asm.AppSecBodyBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 41μs 25.7ns 99.5ns 0.0203 0 0 2.36 KB
master AllCycleSimpleBody netcoreapp3.1 44μs 61.1ns 237ns 0.0221 0 0 2.34 KB
master AllCycleSimpleBody net472 46.9μs 17.1ns 66.4ns 0.373 0 0 2.41 KB
master AllCycleMoreComplexBody net6.0 213μs 73.3ns 274ns 0.108 0 0 9.84 KB
master AllCycleMoreComplexBody netcoreapp3.1 226μs 179ns 693ns 0.112 0 0 9.73 KB
master AllCycleMoreComplexBody net472 241μs 84ns 314ns 1.57 0 0 9.91 KB
master ObjectExtractorSimpleBody net6.0 141ns 0.0601ns 0.217ns 0.00392 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 205ns 0.126ns 0.486ns 0.00362 0 0 272 B
master ObjectExtractorSimpleBody net472 172ns 0.0769ns 0.298ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.03μs 4.03ns 14.5ns 0.053 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 3.93μs 2ns 7.76ns 0.0492 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 3.79μs 2.65ns 10.3ns 0.602 0.00569 0 3.8 KB
#5148 AllCycleSimpleBody net6.0 41.3μs 31ns 116ns 0.0205 0 0 2.36 KB
#5148 AllCycleSimpleBody netcoreapp3.1 44.5μs 38ns 147ns 0.0222 0 0 2.34 KB
#5148 AllCycleSimpleBody net472 46.7μs 11.3ns 43.7ns 0.373 0 0 2.41 KB
#5148 AllCycleMoreComplexBody net6.0 215μs 39.7ns 149ns 0.108 0 0 9.84 KB
#5148 AllCycleMoreComplexBody netcoreapp3.1 228μs 272ns 1.05μs 0.113 0 0 9.73 KB
#5148 AllCycleMoreComplexBody net472 239μs 79.3ns 307ns 1.54 0 0 9.91 KB
#5148 ObjectExtractorSimpleBody net6.0 138ns 0.0746ns 0.289ns 0.0039 0 0 280 B
#5148 ObjectExtractorSimpleBody netcoreapp3.1 204ns 0.107ns 0.413ns 0.00368 0 0 272 B
#5148 ObjectExtractorSimpleBody net472 174ns 0.106ns 0.412ns 0.0446 0 0 281 B
#5148 ObjectExtractorMoreComplexBody net6.0 3.07μs 0.93ns 3.48ns 0.0534 0 0 3.78 KB
#5148 ObjectExtractorMoreComplexBody netcoreapp3.1 4.15μs 10.7ns 41.5ns 0.0496 0 0 3.69 KB
#5148 ObjectExtractorMoreComplexBody net472 3.84μs 1.68ns 6.51ns 0.603 0.00574 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 32μs 21.7ns 84ns 0.397 0 0 27.94 KB
master EncodeArgs netcoreapp3.1 46.6μs 19.4ns 72.7ns 0.373 0 0 27.94 KB
master EncodeArgs net472 59.7μs 34.5ns 134ns 4.45 0.0597 0 28.03 KB
master EncodeLegacyArgs net6.0 97.8μs 197ns 711ns 0.391 0 0 30.34 KB
master EncodeLegacyArgs netcoreapp3.1 127μs 338ns 1.31μs 0.37 0 0 30.34 KB
master EncodeLegacyArgs net472 186μs 264ns 1.02μs 4.81 0.363 0 30.44 KB
#5148 EncodeArgs net6.0 33.9μs 21ns 78.5ns 0.394 0 0 27.94 KB
#5148 EncodeArgs netcoreapp3.1 45.6μs 16.4ns 63.5ns 0.363 0 0 27.94 KB
#5148 EncodeArgs net472 59.5μs 42.6ns 160ns 4.43 0.0594 0 28.04 KB
#5148 EncodeLegacyArgs net6.0 102μs 82.2ns 308ns 0.399 0 0 30.34 KB
#5148 EncodeLegacyArgs netcoreapp3.1 125μs 146ns 546ns 0.387 0 0 30.34 KB
#5148 EncodeLegacyArgs net472 183μs 857ns 3.43μs 4.78 0.361 0 30.44 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 188μs 184ns 665ns 0.0936 0 0 6.51 KB
master RunWafRealisticBenchmark netcoreapp3.1 204μs 369ns 1.43μs 0 0 0 6.49 KB
master RunWafRealisticBenchmark net472 223μs 149ns 578ns 1.01 0 0 6.59 KB
master RunWafRealisticBenchmarkWithAttack net6.0 125μs 67.9ns 263ns 0.0631 0 0 4.15 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 134μs 279ns 1.08μs 0 0 0 4.14 KB
master RunWafRealisticBenchmarkWithAttack net472 147μs 39.7ns 149ns 0.657 0 0 4.19 KB
#5148 RunWafRealisticBenchmark net6.0 191μs 368ns 1.43μs 0.097 0 0 6.51 KB
#5148 RunWafRealisticBenchmark netcoreapp3.1 209μs 504ns 1.95μs 0 0 0 6.49 KB
#5148 RunWafRealisticBenchmark net472 226μs 352ns 1.36μs 1 0 0 6.59 KB
#5148 RunWafRealisticBenchmarkWithAttack net6.0 124μs 74.4ns 278ns 0 0 0 4.15 KB
#5148 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 135μs 165ns 619ns 0 0 0 4.14 KB
#5148 RunWafRealisticBenchmarkWithAttack net472 146μs 86.3ns 334ns 0.659 0 0 4.19 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 170μs 170ns 635ns 0.255 0 0 18.26 KB
master SendRequest netcoreapp3.1 189μs 185ns 717ns 0.189 0 0 20.42 KB
master SendRequest net472 0.000528ns 0.000196ns 0.000735ns 0 0 0 0 b
#5148 SendRequest net6.0 173μs 175ns 678ns 0.257 0 0 18.26 KB
#5148 SendRequest netcoreapp3.1 191μs 241ns 935ns 0.19 0 0 20.42 KB
#5148 SendRequest net472 0.000185ns 8.59E‑05ns 0.000333ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #5148

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces‑net6.0 41.42 KB 41.75 KB 333 B 0.80%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 534μs 201ns 724ns 0.563 0 0 41.42 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 653μs 864ns 3.35μs 0.322 0 0 41.92 KB
master WriteAndFlushEnrichedTraces net472 849μs 3.34μs 12.9μs 8.45 2.53 0.422 53.24 KB
#5148 WriteAndFlushEnrichedTraces net6.0 548μs 705ns 2.73μs 0.543 0 0 41.75 KB
#5148 WriteAndFlushEnrichedTraces netcoreapp3.1 647μs 1.49μs 5.79μs 0.321 0 0 41.95 KB
#5148 WriteAndFlushEnrichedTraces net472 848μs 3.62μs 14.9μs 8.45 2.53 0.422 53.23 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.02μs 0.851ns 3.3ns 0.0107 0 0 776 B
master ExecuteNonQuery netcoreapp3.1 1.47μs 1.45ns 5.43ns 0.0103 0 0 776 B
master ExecuteNonQuery net472 1.73μs 0.953ns 3.69ns 0.117 0 0 738 B
#5148 ExecuteNonQuery net6.0 1.09μs 1.1ns 4.27ns 0.0109 0 0 776 B
#5148 ExecuteNonQuery netcoreapp3.1 1.48μs 0.442ns 1.66ns 0.0104 0 0 776 B
#5148 ExecuteNonQuery net472 1.69μs 0.664ns 2.3ns 0.117 0 0 738 B
Benchmarks.Trace.ElasticsearchBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #5148

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearch‑net6.0 1.168 1,138.62 1,329.88

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.14μs 0.398ns 1.49ns 0.0132 0 0 944 B
master CallElasticsearch netcoreapp3.1 1.46μs 0.551ns 2.13ns 0.013 0 0 944 B
master CallElasticsearch net472 2.45μs 1.14ns 4.41ns 0.152 0 0 963 B
master CallElasticsearchAsync net6.0 1.32μs 0.736ns 2.85ns 0.0132 0 0 920 B
master CallElasticsearchAsync netcoreapp3.1 1.61μs 0.524ns 1.96ns 0.013 0 0 992 B
master CallElasticsearchAsync net472 2.63μs 0.712ns 2.76ns 0.161 0 0 1.02 KB
#5148 CallElasticsearch net6.0 1.33μs 0.661ns 2.56ns 0.0133 0 0 944 B
#5148 CallElasticsearch netcoreapp3.1 1.49μs 0.451ns 1.75ns 0.0127 0 0 944 B
#5148 CallElasticsearch net472 2.54μs 1.3ns 4.86ns 0.153 0 0 963 B
#5148 CallElasticsearchAsync net6.0 1.33μs 0.901ns 3.37ns 0.0128 0 0 920 B
#5148 CallElasticsearchAsync netcoreapp3.1 1.65μs 0.536ns 2.08ns 0.0132 0 0 992 B
#5148 CallElasticsearchAsync net472 2.57μs 0.902ns 3.37ns 0.161 0 0 1.02 KB
Benchmarks.Trace.GraphQLBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.29μs 2.03ns 7.3ns 0.013 0 0 920 B
master ExecuteAsync netcoreapp3.1 1.68μs 3.9ns 14.1ns 0.0123 0 0 920 B
master ExecuteAsync net472 1.85μs 0.732ns 2.83ns 0.14 0 0 883 B
#5148 ExecuteAsync net6.0 1.27μs 0.987ns 3.69ns 0.0128 0 0 920 B
#5148 ExecuteAsync netcoreapp3.1 1.62μs 1.04ns 4.04ns 0.0121 0 0 920 B
#5148 ExecuteAsync net472 1.78μs 0.976ns 3.65ns 0.14 0 0 883 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.16μs 1.35ns 5.25ns 0.0291 0 0 2.1 KB
master SendAsync netcoreapp3.1 5μs 3.26ns 12.6ns 0.035 0 0 2.64 KB
master SendAsync net472 7.61μs 3.14ns 12.2ns 0.524 0 0 3.31 KB
#5148 SendAsync net6.0 4.07μs 1.86ns 7.21ns 0.0306 0 0 2.1 KB
#5148 SendAsync netcoreapp3.1 4.82μs 3.16ns 12.2ns 0.0362 0 0 2.64 KB
#5148 SendAsync net472 7.68μs 6.72ns 26ns 0.526 0.00384 0 3.31 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #5148

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net472 221.18 KB 226.62 KB 5.43 KB 2.46%

Fewer allocations 🎉 in #5148

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net6.0 215.6 KB 211.7 KB -3.9 KB -1.81%
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark‑net472 62.46 KB 55.78 KB -6.68 KB -10.69%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 50.8μs 164ns 615ns 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 52μs 183ns 659ns 0 0 0 42.64 KB
master StringConcatBenchmark net472 37.4μs 87.3ns 315ns 0 0 0 62.46 KB
master StringConcatAspectBenchmark net6.0 277μs 1.39μs 9.35μs 0 0 0 215.6 KB
master StringConcatAspectBenchmark netcoreapp3.1 277μs 1.32μs 8.15μs 0 0 0 202.2 KB
master StringConcatAspectBenchmark net472 233μs 2.59μs 24.7μs 0 0 0 221.18 KB
#5148 StringConcatBenchmark net6.0 58.5μs 747ns 7.4μs 0 0 0 43.44 KB
#5148 StringConcatBenchmark netcoreapp3.1 51.8μs 248ns 960ns 0 0 0 42.64 KB
#5148 StringConcatBenchmark net472 38.1μs 120ns 450ns 0 0 0 55.78 KB
#5148 StringConcatAspectBenchmark net6.0 266μs 1.38μs 9.16μs 0 0 0 211.7 KB
#5148 StringConcatAspectBenchmark netcoreapp3.1 282μs 1.22μs 7.79μs 0 0 0 202.98 KB
#5148 StringConcatAspectBenchmark net472 245μs 3.58μs 34.7μs 0 0 0 226.62 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.4μs 0.663ns 2.48ns 0.0218 0 0 1.58 KB
master EnrichedLog netcoreapp3.1 2.18μs 0.583ns 2.1ns 0.0217 0 0 1.58 KB
master EnrichedLog net472 2.66μs 1.57ns 5.89ns 0.239 0 0 1.51 KB
#5148 EnrichedLog net6.0 1.47μs 0.958ns 3.58ns 0.0219 0 0 1.58 KB
#5148 EnrichedLog netcoreapp3.1 2.16μs 1.08ns 4.05ns 0.0221 0 0 1.58 KB
#5148 EnrichedLog net472 2.53μs 1.03ns 3.98ns 0.239 0 0 1.51 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 113μs 184ns 713ns 0.0565 0 0 4.22 KB
master EnrichedLog netcoreapp3.1 119μs 152ns 590ns 0.0591 0 0 4.22 KB
master EnrichedLog net472 148μs 199ns 771ns 0.663 0.221 0 4.4 KB
#5148 EnrichedLog net6.0 112μs 122ns 458ns 0.0557 0 0 4.22 KB
#5148 EnrichedLog netcoreapp3.1 118μs 127ns 477ns 0.0587 0 0 4.22 KB
#5148 EnrichedLog net472 147μs 122ns 455ns 0.66 0.22 0 4.4 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.95μs 8.8ns 32.9ns 0.0292 0 0 2.14 KB
master EnrichedLog netcoreapp3.1 4.05μs 2.42ns 9.06ns 0.0284 0 0 2.14 KB
master EnrichedLog net472 4.72μs 5.48ns 21.2ns 0.308 0 0 1.95 KB
#5148 EnrichedLog net6.0 3.15μs 1.86ns 7.2ns 0.0298 0 0 2.14 KB
#5148 EnrichedLog netcoreapp3.1 4.28μs 1.74ns 6.76ns 0.0279 0 0 2.14 KB
#5148 EnrichedLog net472 4.75μs 2.51ns 9.72ns 0.31 0 0 1.95 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.38μs 0.856ns 3.31ns 0.0158 0 0 1.11 KB
master SendReceive netcoreapp3.1 1.75μs 1.06ns 3.96ns 0.0157 0 0 1.11 KB
master SendReceive net472 1.98μs 0.765ns 2.86ns 0.178 0 0 1.12 KB
#5148 SendReceive net6.0 1.4μs 1.21ns 4.68ns 0.0154 0 0 1.11 KB
#5148 SendReceive netcoreapp3.1 1.71μs 0.947ns 3.67ns 0.0154 0 0 1.11 KB
#5148 SendReceive net472 2.06μs 2.12ns 8.2ns 0.178 0 0 1.12 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.9μs 0.839ns 3.25ns 0.0209 0 0 1.54 KB
master EnrichedLog netcoreapp3.1 3.74μs 1.47ns 5.52ns 0.0208 0 0 1.58 KB
master EnrichedLog net472 4.33μs 1.85ns 7.15ns 0.313 0 0 1.97 KB
#5148 EnrichedLog net6.0 2.71μs 0.99ns 3.7ns 0.0218 0 0 1.54 KB
#5148 EnrichedLog netcoreapp3.1 3.95μs 1.02ns 3.83ns 0.0218 0 0 1.58 KB
#5148 EnrichedLog net472 4.24μs 1.62ns 6.29ns 0.312 0 0 1.97 KB
Benchmarks.Trace.SpanBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #5148

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑netcoreapp3.1 1.129 726.78 643.68
Benchmarks.Trace.SpanBenchmark.StartFinishScope‑net6.0 1.121 596.99 532.55

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 461ns 0.827ns 3.2ns 0.00759 0 0 544 B
master StartFinishSpan netcoreapp3.1 724ns 1.98ns 7.68ns 0.00747 0 0 544 B
master StartFinishSpan net472 723ns 1.66ns 6.42ns 0.0866 0 0 546 B
master StartFinishScope net6.0 597ns 0.85ns 3.29ns 0.00927 0 0 664 B
master StartFinishScope netcoreapp3.1 773ns 1.91ns 7.41ns 0.00881 0 0 664 B
master StartFinishScope net472 987ns 1.82ns 7.05ns 0.0992 0 0 626 B
#5148 StartFinishSpan net6.0 459ns 0.778ns 3.01ns 0.00757 0 0 544 B
#5148 StartFinishSpan netcoreapp3.1 644ns 1.1ns 4.26ns 0.00716 0 0 544 B
#5148 StartFinishSpan net472 734ns 1.68ns 6.52ns 0.0866 0 0 546 B
#5148 StartFinishScope net6.0 533ns 0.985ns 3.81ns 0.00933 0 0 664 B
#5148 StartFinishScope netcoreapp3.1 787ns 1.66ns 6.45ns 0.0086 0 0 664 B
#5148 StartFinishScope net472 998ns 2.05ns 7.95ns 0.0995 0 0 626 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #5148

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑net6.0 1.248 633.23 790.40

Faster 🎉 in #5148

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑netcoreapp3.1 1.192 1,032.46 866.17

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 632ns 1.01ns 3.91ns 0.00927 0 0 664 B
master RunOnMethodBegin netcoreapp3.1 1.03μs 1.38ns 5.34ns 0.00878 0 0 664 B
master RunOnMethodBegin net472 1.08μs 2.75ns 10.7ns 0.0995 0 0 626 B
#5148 RunOnMethodBegin net6.0 791ns 1.01ns 3.93ns 0.00939 0 0 664 B
#5148 RunOnMethodBegin netcoreapp3.1 867ns 1.69ns 6.53ns 0.00876 0 0 664 B
#5148 RunOnMethodBegin net472 1.08μs 2.08ns 8.05ns 0.0994 0 0 626 B

@daniel-romano-DD daniel-romano-DD left a comment

Nice work. TY

@andrewlock andrewlock left a comment

LGTM in general, just some perf suggestions around handling StringValues etc!

tracer/src/Datadog.Trace/AspNet/TracingHttpModule.cs (outdated, resolved)
tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
@e-n-0 e-n-0 requested a review from andrewlock February 20, 2024 13:58
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/insecure_auth branch 3 times, most recently from 2c504ff to 7e02c5a Compare February 21, 2024 15:57

@andrewlock andrewlock left a comment

Nice work 👍 Just one tiny suggestion 🙂

tracer/src/Datadog.Trace/Iast/InsecureAuthAnalyzer.cs (outdated, resolved)
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/insecure_auth branch 2 times, most recently from 93fce56 to 4bfdecd Compare February 29, 2024 15:58
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/insecure_auth branch from a9c18e8 to 2ce9f7b Compare March 1, 2024 16:22
@e-n-0 e-n-0 merged commit a7df115 into master Mar 4, 2024
57 of 58 checks passed
@e-n-0 e-n-0 deleted the flavien/asm/iast/insecure_auth branch March 4, 2024 14:55
@github-actions github-actions bot added this to the vNext milestone Mar 4, 2024