[ASM] iast: Fix for NullReferenceException in Stacktrace Walker #6326

@e-n-0 e-n-0 commented Nov 20, 2024

Summary of changes

In .NET Framework the GetFrames() method can return null.

Reason for change

Bug detected in telemetry (Error Tracking case).

Implementation details

Create a null array when the method GetFrames() returns null in .NET Framework.

@github-actions github-actions bot added area:tracer The core tracer library (Datadog.Trace, does not include OpenTracing, native code, or integrations) area:asm labels Nov 20, 2024
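
The failure mode described in this PR, as an added example that is not code from the pull request or from dd-trace-dotnet: a stack walker that treats a null result from `GetFrames()` as an empty frame list instead of dereferencing it. `NullFramesStackTrace`, `SafeStackWalker` and the excluded namespace prefixes are hypothetical names chosen here, and substituting an empty array is this example's choice, not a statement of what the merged change does.

```csharp
#nullable disable
using System;
using System.Diagnostics;

// Constructed stand-in (hypothetical): GetFrames() is virtual, so overriding it
// reproduces the .NET Framework null return on any runtime.
sealed class NullFramesStackTrace : StackTrace
{
    public override StackFrame[] GetFrames() => null;
}

// Hypothetical helper, not the tracer's walker.
static class SafeStackWalker
{
    // Assumed exclusion list: namespaces treated as framework or instrumentation code.
    static readonly string[] ExcludedPrefixes = { "System.", "Microsoft.", "Datadog.Trace." };

    // Single place where a null frame array is normalised to an empty one.
    public static StackFrame[] GetFramesOrEmpty(StackTrace trace)
        => trace?.GetFrames() ?? Array.Empty<StackFrame>();

    // Returns the first frame whose declaring type is outside the excluded
    // namespaces, or null when no such frame exists.
    public static StackFrame FirstUserFrame(StackTrace trace)
    {
        foreach (var frame in GetFramesOrEmpty(trace))
        {
            // GetMethod() and DeclaringType can also be null (DeclaringType is
            // null for dynamic methods, for example), so each step is checked.
            var type = frame?.GetMethod()?.DeclaringType;
            if (type == null) continue;
            var name = type.FullName ?? type.Name;
            if (!IsExcluded(name)) return frame;
        }
        return null;
    }

    static bool IsExcluded(string typeName)
    {
        foreach (var prefix in ExcludedPrefixes)
            if (typeName.StartsWith(prefix, StringComparison.Ordinal)) return true;
        return false;
    }
}

static class Program
{
    static void Main()
    {
        // Normal case: the first non-excluded frame is this method.
        var frame = SafeStackWalker.FirstUserFrame(new StackTrace());
        Console.WriteLine(frame?.GetMethod()?.Name ?? "<none>");

        // Null-frames case: an unguarded foreach over GetFrames() would throw
        // NullReferenceException here; the guarded walker returns null.
        var none = SafeStackWalker.FirstUserFrame(new NullFramesStackTrace());
        Console.WriteLine(none == null ? "no frames, no exception" : "unexpected frame");
    }
}
```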

@daniel-romano-DD daniel-romano-DD left a comment

Thanks a lot

datadog-ddstaging bot commented Nov 20, 2024

Datadog Report

Branch report: APPSEC-55923-dotnet-vulnerabilities-null-reference-exception-in-iast-stack-walker
Commit report: 65f5252
Test service: dd-trace-dotnet

✅ 0 Failed, 449857 Passed, 2732 Skipped, 19h 58m 18.04s Total Time

andrewlock commented Nov 20, 2024

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program, and are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

Execution time (ms) FakeDbCommand (.NET Framework 4.6.2)

  • Baseline: This PR (6326) mean 72, interval 64 to 80; master mean 72, interval 63 to 81
  • CallTarget+Inlining+NGEN: This PR (6326) mean 1,107, interval 1089 to 1125; master mean 1,108, interval 1088 to 1129

Execution time (ms) FakeDbCommand (.NET Core 3.1)

  • Baseline: This PR (6326) mean 109, interval 106 to 111; master mean 108, interval 106 to 111
  • CallTarget+Inlining+NGEN: This PR (6326) mean 767, interval 748 to 787; master mean 768, interval 749 to 787

Execution time (ms) FakeDbCommand (.NET 6)

  • Baseline: This PR (6326) mean 92, interval 90 to 94; master mean 92, interval 90 to 93
  • CallTarget+Inlining+NGEN: This PR (6326) mean 718, interval 703 to 732; master mean 723, interval 707 to 739

Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2)

  • Baseline: This PR (6326) mean 191, interval 186 to 195; master mean 191, interval 184 to 198
  • CallTarget+Inlining+NGEN: This PR (6326) mean 1,216, interval 1192 to 1239; master mean 1,211, interval 1185 to 1237

Execution time (ms) HttpMessageHandler (.NET Core 3.1)

  • Baseline: This PR (6326) mean 277, interval 272 to 282; master mean 277, interval 272 to 281
  • CallTarget+Inlining+NGEN: This PR (6326) mean 944, interval 928 to 961; master mean 948, interval 926 to 970

Execution time (ms) HttpMessageHandler (.NET 6)

  • Baseline: This PR (6326) mean 266, interval 263 to 270; master mean 265, interval 261 to 270
  • CallTarget+Inlining+NGEN: This PR (6326) mean 926, interval 908 to 944; master mean 927, interval 908 to 945

andrewlock commented Nov 20, 2024

Benchmarks Report for tracer 🐌

Benchmarks for #6326 compared to master:

  • 5 benchmarks are faster, with geometric mean 1.170
  • All benchmarks have the same allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 7.8μs 42ns 230ns 0.0188 0.00753 0 5.61 KB
master StartStopWithChild netcoreapp3.1 10μs 51.3ns 281ns 0.0189 0.00944 0 5.81 KB
master StartStopWithChild net472 16.2μs 43.1ns 167ns 1.05 0.296 0.0961 6.2 KB
#6326 StartStopWithChild net6.0 7.96μs 43.9ns 263ns 0.0161 0.00806 0 5.61 KB
#6326 StartStopWithChild netcoreapp3.1 10.3μs 55.9ns 331ns 0.0201 0.01 0 5.8 KB
#6326 StartStopWithChild net472 16.4μs 49.5ns 192ns 1.03 0.287 0.0982 6.21 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 474μs 258ns 931ns 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 664μs 654ns 2.45μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 856μs 427ns 1.6μs 0.428 0 0 3.3 KB
#6326 WriteAndFlushEnrichedTraces net6.0 488μs 245ns 917ns 0 0 0 2.7 KB
#6326 WriteAndFlushEnrichedTraces netcoreapp3.1 650μs 202ns 728ns 0 0 0 2.7 KB
#6326 WriteAndFlushEnrichedTraces net472 853μs 429ns 1.55μs 0.422 0 0 3.3 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 146μs 789ns 4.25μs 0.218 0 0 14.47 KB
master SendRequest netcoreapp3.1 166μs 970ns 8.57μs 0.158 0 0 17.27 KB
master SendRequest net472 0.000716ns 0.000382ns 0.00143ns 0 0 0 0 b
#6326 SendRequest net6.0 154μs 953ns 9.38μs 0.146 0 0 14.47 KB
#6326 SendRequest netcoreapp3.1 166μs 870ns 4.52μs 0.166 0 0 17.27 KB
#6326 SendRequest net472 0.00244ns 0.000894ns 0.00346ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 583μs 3.09μs 16μs 0.595 0 0 41.79 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 679μs 3.14μs 14.4μs 0.345 0 0 41.77 KB
master WriteAndFlushEnrichedTraces net472 869μs 3.17μs 11.9μs 8.13 2.57 0.428 53.33 KB
#6326 WriteAndFlushEnrichedTraces net6.0 596μs 3.16μs 16.7μs 0.561 0 0 41.73 KB
#6326 WriteAndFlushEnrichedTraces netcoreapp3.1 679μs 3.66μs 21.3μs 0.351 0 0 41.64 KB
#6326 WriteAndFlushEnrichedTraces net472 863μs 3.52μs 13.2μs 8.19 2.59 0.431 53.3 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.24μs 2.91ns 11.3ns 0.0138 0 0 1.02 KB
master ExecuteNonQuery netcoreapp3.1 1.78μs 2.34ns 9.07ns 0.0133 0 0 1.02 KB
master ExecuteNonQuery net472 2.1μs 1.38ns 5.34ns 0.157 0.00105 0 987 B
#6326 ExecuteNonQuery net6.0 1.19μs 1.46ns 5.65ns 0.0143 0 0 1.02 KB
#6326 ExecuteNonQuery netcoreapp3.1 1.76μs 1.21ns 4.53ns 0.0131 0 0 1.02 KB
#6326 ExecuteNonQuery net472 2.11μs 3.94ns 14.8ns 0.157 0.00104 0 987 B
Benchmarks.Trace.ElasticsearchBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.23μs 0.314ns 1.17ns 0.0137 0 0 976 B
master CallElasticsearch netcoreapp3.1 1.49μs 0.862ns 3.11ns 0.0128 0 0 976 B
master CallElasticsearch net472 2.52μs 0.928ns 3.59ns 0.158 0 0 995 B
master CallElasticsearchAsync net6.0 1.29μs 3.82ns 14.8ns 0.0134 0 0 952 B
master CallElasticsearchAsync netcoreapp3.1 1.75μs 1.03ns 3.99ns 0.0139 0 0 1.02 KB
master CallElasticsearchAsync net472 2.65μs 1.02ns 3.95ns 0.167 0 0 1.05 KB
#6326 CallElasticsearch net6.0 1.34μs 0.718ns 2.69ns 0.0135 0 0 976 B
#6326 CallElasticsearch netcoreapp3.1 1.55μs 0.88ns 3.29ns 0.0132 0 0 976 B
#6326 CallElasticsearch net472 2.55μs 2.02ns 7.84ns 0.157 0 0 995 B
#6326 CallElasticsearchAsync net6.0 1.17μs 0.498ns 1.86ns 0.0134 0 0 952 B
#6326 CallElasticsearchAsync netcoreapp3.1 1.59μs 0.502ns 1.88ns 0.0135 0 0 1.02 KB
#6326 CallElasticsearchAsync net472 2.7μs 0.799ns 2.99ns 0.167 0 0 1.05 KB
Benchmarks.Trace.GraphQLBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6326

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.GraphQLBenchmark.ExecuteAsync‑net6.0 1.125 1,350.71 1,200.83

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.35μs 0.484ns 1.88ns 0.0135 0 0 952 B
master ExecuteAsync netcoreapp3.1 1.62μs 0.915ns 3.42ns 0.0129 0 0 952 B
master ExecuteAsync net472 1.84μs 0.611ns 2.29ns 0.145 0 0 915 B
#6326 ExecuteAsync net6.0 1.2μs 0.42ns 1.57ns 0.0132 0 0 952 B
#6326 ExecuteAsync netcoreapp3.1 1.7μs 0.773ns 2.99ns 0.0127 0 0 952 B
#6326 ExecuteAsync net472 1.83μs 0.868ns 3.36ns 0.144 0 0 915 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.35μs 1.56ns 6.03ns 0.033 0 0 2.31 KB
master SendAsync netcoreapp3.1 5.38μs 3.21ns 12.4ns 0.0375 0 0 2.85 KB
master SendAsync net472 7.32μs 2.05ns 7.93ns 0.493 0 0 3.12 KB
#6326 SendAsync net6.0 4.35μs 1.92ns 7.18ns 0.0329 0 0 2.31 KB
#6326 SendAsync netcoreapp3.1 5.2μs 4.69ns 18.1ns 0.037 0 0 2.85 KB
#6326 SendAsync net472 7.29μs 1.98ns 7.67ns 0.493 0 0 3.12 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.59μs 1.74ns 6.76ns 0.0225 0 0 1.64 KB
master EnrichedLog netcoreapp3.1 2.28μs 0.944ns 3.53ns 0.0216 0 0 1.64 KB
master EnrichedLog net472 2.57μs 1.54ns 5.55ns 0.25 0 0 1.57 KB
#6326 EnrichedLog net6.0 1.61μs 0.904ns 3.5ns 0.0225 0 0 1.64 KB
#6326 EnrichedLog netcoreapp3.1 2.21μs 0.744ns 2.88ns 0.0222 0 0 1.64 KB
#6326 EnrichedLog net472 2.6μs 0.893ns 3.22ns 0.249 0 0 1.57 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 119μs 163ns 630ns 0.0595 0 0 4.28 KB
master EnrichedLog netcoreapp3.1 123μs 273ns 1.06μs 0 0 0 4.28 KB
master EnrichedLog net472 151μs 215ns 834ns 0.682 0.227 0 4.46 KB
#6326 EnrichedLog net6.0 123μs 150ns 581ns 0.0612 0 0 4.28 KB
#6326 EnrichedLog netcoreapp3.1 124μs 140ns 541ns 0 0 0 4.28 KB
#6326 EnrichedLog net472 152μs 198ns 767ns 0.684 0.228 0 4.46 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 3.07μs 1.4ns 5.24ns 0.0299 0 0 2.2 KB
master EnrichedLog netcoreapp3.1 4.09μs 1.16ns 4.35ns 0.0286 0 0 2.2 KB
master EnrichedLog net472 4.92μs 2.69ns 10.4ns 0.32 0 0 2.02 KB
#6326 EnrichedLog net6.0 2.94μs 0.795ns 3.08ns 0.031 0 0 2.2 KB
#6326 EnrichedLog netcoreapp3.1 4.08μs 2.45ns 9.5ns 0.0286 0 0 2.2 KB
#6326 EnrichedLog net472 4.83μs 1.11ns 4.14ns 0.319 0 0 2.02 KB
Benchmarks.Trace.RedisBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6326

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.RedisBenchmark.SendReceive‑net6.0 1.138 1,458.89 1,282.38

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.46μs 0.875ns 3.39ns 0.016 0 0 1.14 KB
master SendReceive netcoreapp3.1 1.8μs 1.04ns 4.03ns 0.0152 0 0 1.14 KB
master SendReceive net472 2.13μs 1.07ns 3.85ns 0.183 0 0 1.16 KB
#6326 SendReceive net6.0 1.28μs 0.944ns 3.53ns 0.0161 0 0 1.14 KB
#6326 SendReceive netcoreapp3.1 1.73μs 0.514ns 1.92ns 0.0156 0 0 1.14 KB
#6326 SendReceive net472 2.09μs 1.55ns 5.98ns 0.183 0 0 1.16 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.66μs 1.2ns 4.65ns 0.0226 0 0 1.6 KB
master EnrichedLog netcoreapp3.1 3.78μs 1.52ns 5.67ns 0.0227 0 0 1.65 KB
master EnrichedLog net472 4.29μs 2.97ns 11.5ns 0.323 0 0 2.04 KB
#6326 EnrichedLog net6.0 2.79μs 1.3ns 5.04ns 0.0222 0 0 1.6 KB
#6326 EnrichedLog netcoreapp3.1 3.83μs 1.49ns 5.76ns 0.0212 0 0 1.65 KB
#6326 EnrichedLog net472 4.36μs 2.79ns 10.8ns 0.324 0 0 2.04 KB
Benchmarks.Trace.SpanBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6326

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑net6.0 1.239 490.55 395.84
Benchmarks.Trace.SpanBenchmark.StartFinishScope‑net6.0 1.143 553.29 483.97

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 490ns 1.16ns 4.49ns 0.00816 0 0 576 B
master StartFinishSpan netcoreapp3.1 598ns 0.944ns 3.53ns 0.0079 0 0 576 B
master StartFinishSpan net472 635ns 1.16ns 4.5ns 0.0916 0 0 578 B
master StartFinishScope net6.0 553ns 0.346ns 1.29ns 0.00974 0 0 696 B
master StartFinishScope netcoreapp3.1 708ns 0.648ns 2.51ns 0.0095 0 0 696 B
master StartFinishScope net472 836ns 1.26ns 4.86ns 0.104 0 0 658 B
#6326 StartFinishSpan net6.0 397ns 0.639ns 2.47ns 0.008 0 0 576 B
#6326 StartFinishSpan netcoreapp3.1 571ns 1.01ns 3.9ns 0.00769 0 0 576 B
#6326 StartFinishSpan net472 690ns 1.84ns 7.13ns 0.0916 0 0 578 B
#6326 StartFinishScope net6.0 484ns 0.373ns 1.35ns 0.00982 0 0 696 B
#6326 StartFinishScope netcoreapp3.1 663ns 0.933ns 3.61ns 0.00931 0 0 696 B
#6326 StartFinishScope net472 787ns 1.77ns 6.85ns 0.105 0 0 658 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6326

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑net6.0 1.212 723.96 597.45

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 724ns 1.13ns 4.39ns 0.00982 0 0 696 B
master RunOnMethodBegin netcoreapp3.1 920ns 0.973ns 3.64ns 0.00926 0 0 696 B
master RunOnMethodBegin net472 1.09μs 2.49ns 9.66ns 0.104 0 0 658 B
#6326 RunOnMethodBegin net6.0 598ns 1.09ns 4.23ns 0.00965 0 0 696 B
#6326 RunOnMethodBegin netcoreapp3.1 887ns 1.73ns 6.69ns 0.00931 0 0 696 B
#6326 RunOnMethodBegin net472 1.07μs 1.39ns 5.38ns 0.104 0 0 658 B

@e-n-0 e-n-0 marked this pull request as ready for review November 21, 2024 17:06
@e-n-0 e-n-0 requested a review from a team as a code owner November 21, 2024 17:06
@andrewlock

Benchmarks Report for appsec 🐌

Benchmarks for #6326 compared to master:

  • 1 benchmark is faster, with geometric mean 1.183
  • 2 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.Asm.AppSecBodyBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 216μs 101ns 348ns 2.5 0.109 0 176.82 KB
master AllCycleSimpleBody netcoreapp3.1 315μs 164ns 593ns 2.53 0 0 184.26 KB
master AllCycleSimpleBody net472 276μs 113ns 436ns 33.3 2.51 0 210.04 KB
master AllCycleMoreComplexBody net6.0 221μs 115ns 432ns 2.53 0 0 180.33 KB
master AllCycleMoreComplexBody netcoreapp3.1 323μs 103ns 357ns 2.6 0 0 187.68 KB
master AllCycleMoreComplexBody net472 286μs 139ns 521ns 33.9 2.57 0 213.56 KB
master ObjectExtractorSimpleBody net6.0 140ns 0.105ns 0.379ns 0.00395 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 215ns 0.466ns 1.81ns 0.00367 0 0 272 B
master ObjectExtractorSimpleBody net472 210ns 0.13ns 0.486ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.02μs 1.53ns 5.72ns 0.053 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 4.06μs 3.32ns 12.9ns 0.0504 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 4.44μs 2.21ns 8.57ns 0.602 0.00666 0 3.8 KB
#6326 AllCycleSimpleBody net6.0 216μs 79.7ns 298ns 2.48 0 0 176.82 KB
#6326 AllCycleSimpleBody netcoreapp3.1 317μs 117ns 436ns 2.39 0 0 184.26 KB
#6326 AllCycleSimpleBody net472 278μs 91.9ns 331ns 33.3 2.53 0 210.04 KB
#6326 AllCycleMoreComplexBody net6.0 223μs 145ns 562ns 2.57 0 0 180.33 KB
#6326 AllCycleMoreComplexBody netcoreapp3.1 329μs 100ns 387ns 2.48 0 0 187.68 KB
#6326 AllCycleMoreComplexBody net472 284μs 217ns 812ns 33.8 2.56 0 213.56 KB
#6326 ObjectExtractorSimpleBody net6.0 141ns 0.216ns 0.837ns 0.00393 0 0 280 B
#6326 ObjectExtractorSimpleBody netcoreapp3.1 206ns 0.501ns 1.94ns 0.0037 0 0 272 B
#6326 ObjectExtractorSimpleBody net472 210ns 0.256ns 0.992ns 0.0446 0 0 281 B
#6326 ObjectExtractorMoreComplexBody net6.0 3.08μs 2.06ns 7.72ns 0.0536 0 0 3.78 KB
#6326 ObjectExtractorMoreComplexBody netcoreapp3.1 4μs 1.48ns 5.35ns 0.0502 0 0 3.69 KB
#6326 ObjectExtractorMoreComplexBody net472 4.38μs 2.6ns 9.73ns 0.602 0.00657 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 36.9μs 21.7ns 84.2ns 0.445 0 0 32.4 KB
master EncodeArgs netcoreapp3.1 53.8μs 23.6ns 91.6ns 0.43 0 0 32.4 KB
master EncodeArgs net472 67.2μs 25.5ns 98.6ns 5.15 0.0669 0 32.5 KB
master EncodeLegacyArgs net6.0 76.7μs 409ns 2.28μs 0 0 0 2.14 KB
master EncodeLegacyArgs netcoreapp3.1 105μs 120ns 417ns 0 0 0 2.14 KB
master EncodeLegacyArgs net472 155μs 129ns 502ns 0.309 0 0 2.15 KB
#6326 EncodeArgs net6.0 37.6μs 21.8ns 84.3ns 0.451 0 0 32.4 KB
#6326 EncodeArgs netcoreapp3.1 55.2μs 166ns 642ns 0.433 0 0 32.4 KB
#6326 EncodeArgs net472 67.4μs 23.6ns 91.6ns 5.13 0.0675 0 32.5 KB
#6326 EncodeLegacyArgs net6.0 74.3μs 405ns 2.29μs 0 0 0 2.14 KB
#6326 EncodeLegacyArgs netcoreapp3.1 104μs 109ns 407ns 0 0 0 2.14 KB
#6326 EncodeLegacyArgs net472 158μs 108ns 419ns 0.314 0 0 2.15 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 182μs 76.1ns 285ns 0 0 0 2.44 KB
master RunWafRealisticBenchmark netcoreapp3.1 192μs 109ns 406ns 0 0 0 2.39 KB
master RunWafRealisticBenchmark net472 207μs 81.3ns 315ns 0.31 0 0 2.46 KB
master RunWafRealisticBenchmarkWithAttack net6.0 122μs 148ns 574ns 0 0 0 1.47 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 129μs 42.8ns 148ns 0 0 0 1.46 KB
master RunWafRealisticBenchmarkWithAttack net472 139μs 27.6ns 99.7ns 0.209 0 0 1.49 KB
#6326 RunWafRealisticBenchmark net6.0 184μs 86.1ns 334ns 0 0 0 2.44 KB
#6326 RunWafRealisticBenchmark netcoreapp3.1 193μs 132ns 510ns 0 0 0 2.39 KB
#6326 RunWafRealisticBenchmark net472 209μs 50.7ns 190ns 0.314 0 0 2.46 KB
#6326 RunWafRealisticBenchmarkWithAttack net6.0 123μs 38.2ns 138ns 0 0 0 1.47 KB
#6326 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 130μs 128ns 497ns 0 0 0 1.46 KB
#6326 RunWafRealisticBenchmarkWithAttack net472 140μs 122ns 441ns 0.21 0 0 1.48 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Faster 🎉 More allocations ⚠️

Faster 🎉 in #6326

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark‑net6.0 1.183 61,300.00 51,800.00 bimodal

More allocations ⚠️ in #6326

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net6.0 253.27 KB 321.37 KB 68.1 KB 26.89%
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark‑net472 59.18 KB 60.16 KB 984 B 1.66%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 59.6μs 589ns 5.77μs 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 58.1μs 712ns 6.94μs 0 0 0 42.64 KB
master StringConcatBenchmark net472 37.7μs 137ns 514ns 0 0 0 59.18 KB
master StringConcatAspectBenchmark net6.0 301μs 1.7μs 12.3μs 0 0 0 253.27 KB
master StringConcatAspectBenchmark netcoreapp3.1 346μs 1.45μs 7.66μs 0 0 0 253.8 KB
master StringConcatAspectBenchmark net472 291μs 6.86μs 67.6μs 0 0 0 278.53 KB
#6326 StringConcatBenchmark net6.0 52μs 228ns 1.02μs 0 0 0 43.44 KB
#6326 StringConcatBenchmark netcoreapp3.1 52.3μs 220ns 851ns 0 0 0 42.64 KB
#6326 StringConcatBenchmark net472 37.9μs 54.1ns 187ns 0 0 0 60.16 KB
#6326 StringConcatAspectBenchmark net6.0 311μs 5.85μs 57.3μs 0 0 0 321.37 KB
#6326 StringConcatAspectBenchmark netcoreapp3.1 346μs 2.82μs 27.2μs 0 0 0 254.08 KB
#6326 StringConcatAspectBenchmark net472 284μs 6.07μs 58.2μs 0 0 0 278.53 KB

@andrewlock andrewlock left a comment

Thanks!

@e-n-0 e-n-0 merged commit fb950f7 into master Nov 21, 2024
75 of 78 checks passed
@e-n-0 e-n-0 deleted the APPSEC-55923-dotnet-vulnerabilities-null-reference-exception-in-iast-stack-walker branch November 21, 2024 18:44
@github-actions github-actions bot added this to the vNext-v3 milestone Nov 21, 2024
andrewlock pushed a commit that referenced this pull request Nov 22, 2024
## Summary of changes

In .NET Framework the `GetFrames()` method can return null.

## Reason for change

Bug detected in telemetry ([Error Tracking
case](https://app.datadoghq.com/error-tracking?query=service%3Ainstrumentation-telemetry-data%20%40lib_language%3Adotnet%20%40tracer_version%3A3.6.0.0&fromUser=false&issue_states=&issueId=4ddc4722-7f47-11ef-afd5-da7ad0900002&refresh_mode=sliding&source=all&view=spans&from_ts=1732196777908&to_ts=1732211177908&live=true)).

## Implementation details

Create a null array when the method `GetFrames()` returns null in .NET
Framework.
@andrewlock andrewlock modified the milestones: vNext-v3, 3.6.1 Nov 26, 2024
Labels
area:asm area:tracer The core tracer library (Datadog.Trace, does not include OpenTracing, native code, or integrations) identified-by:telemetry