Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASM][IAST] Add source tainting for Grpc dotnet #5473

Merged
merged 24 commits into from
May 7, 2024
Merged

[ASM][IAST] Add source tainting for Grpc dotnet #5473

merged 24 commits into from
May 7, 2024

Conversation

e-n-0
Copy link
Member

@e-n-0 e-n-0 commented Apr 19, 2024
edited
Loading

Summary of changes

Add Grpc source tainting to Grpc for IAST.

Implementation details

This PR use the new call target ref struct changes.

Add a new call target instrumentation on the Google.Protobuf assembly:

  • System.String Google.Protobuf.ParsingPrimitives::ReadRawString

All strings parsed of all messages will be tainted.

Test coverage

Add Iast tests to the existing Samples.GrpcDotnet.
These tests are enabled through the environment variable IAST_GRPC_SOURCE_TEST.

All messages transmissions are tested:

  • unary
  • server streaming
  • client streaming
  • both ways

@e-n-0 e-n-0 force-pushed the flavien/asm/iast/grpc_source branch from 9442d17 to 99b53b3 Compare April 19, 2024 15:29
@e-n-0 e-n-0 marked this pull request as ready for review April 19, 2024 15:48
@e-n-0 e-n-0 requested review from a team as code owners April 19, 2024 15:48
@e-n-0 e-n-0 self-assigned this Apr 19, 2024
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/grpc_source branch from 99b53b3 to 3897009 Compare April 19, 2024 15:54
@datadog-ddstaging
Copy link

datadog-ddstaging bot commented Apr 19, 2024
edited
Loading

Datadog Report

Branch report: flavien/asm/iast/grpc_source
Commit report: aecb079
Test service: dd-trace-dotnet

✅ 0 Failed, 327244 Passed, 1550 Skipped, 49m 47.38s Wall Time
❄️ 1 New Flaky

New Flaky Tests (1)

  • TelemetryControllerShouldUpdateGitMetadataWithTelemetry - Datadog.Trace.Tests.Telemetry.TelemetryControllerTests - Last Failure

    Expand for error 
     Expected data.FirstOrDefault().Application.RepositoryUrl to be "testCommitSha", but found <null>.

@andrewlock
Copy link
Member

andrewlock commented Apr 19, 2024
edited
Loading

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program. And are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (73ms)  : 66, 79
     .   : milestone, 73,
    master - mean (74ms)  : 64, 84
     .   : milestone, 74,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (1,017ms)  : 998, 1036
     .   : milestone, 1017,
    master - mean (1,015ms)  : 994, 1036
     .   : milestone, 1015,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (110ms)  : 106, 115
     .   : milestone, 110,
    master - mean (111ms)  : 108, 114
     .   : milestone, 111,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (737ms)  : 713, 760
     .   : milestone, 737,
    master - mean (737ms)  : 714, 761
     .   : milestone, 737,
Loading 
gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (94ms)  : 91, 96
     .   : milestone, 94,
    master - mean (95ms)  : 91, 98
     .   : milestone, 95,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (684ms)  : 656, 712
     .   : milestone, 684,
    master - mean (691ms)  : 667, 716
     .   : milestone, 691,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (193ms)  : 188, 198
     .   : milestone, 193,
    master - mean (195ms)  : 189, 201
     .   : milestone, 195,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (1,091ms)  : 1069, 1113
     .   : milestone, 1091,
    master - mean (1,099ms)  : 1071, 1127
     .   : milestone, 1099,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (279ms)  : 273, 284
     .   : milestone, 279,
    master - mean (284ms)  : 277, 292
     .   : milestone, 284,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (889ms)  : 865, 913
     .   : milestone, 889,
    master - mean (897ms)  : 877, 917
     .   : milestone, 897,
Loading 
gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5473) - mean (264ms)  : 260, 268
     .   : milestone, 264,
    master - mean (267ms)  : 261, 274
     .   : milestone, 267,

    section CallTarget+Inlining+NGEN
    This PR (5473) - mean (869ms)  : 843, 895
     .   : milestone, 869,
    master - mean (873ms)  : 850, 897
     .   : milestone, 873,
Loading

@andrewlock
Copy link
Member

andrewlock commented Apr 19, 2024
edited
Loading

Benchmarks Report for tracer 🐌

Benchmarks for #5473 compared to master:

  • All benchmarks have the same speed
  • All benchmarks have the same allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 8.63μs 30.2ns 117ns 0.0218 0.00871 0 7.55 KB
master StartStopWithChild netcoreapp3.1 10.8μs 55.9ns 280ns 0.031 0.0155 0 7.64 KB
master StartStopWithChild net472 17μs 25.4ns 95.1ns 1.37 0.39 0.136 8.1 KB
#5473 StartStopWithChild net6.0 8.83μs 49ns 329ns 0.0213 0.00853 0 7.56 KB
#5473 StartStopWithChild netcoreapp3.1 11.1μs 57.6ns 288ns 0.0162 0.0108 0 7.65 KB
#5473 StartStopWithChild net472 17.1μs 51.3ns 199ns 1.34 0.325 0.0941 8.08 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 471μs 281ns 1.05μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 621μs 332ns 1.24μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 837μs 281ns 1.09μs 0.417 0 0 3.3 KB
#5473 WriteAndFlushEnrichedTraces net6.0 472μs 261ns 1.01μs 0 0 0 2.7 KB
#5473 WriteAndFlushEnrichedTraces netcoreapp3.1 628μs 164ns 592ns 0 0 0 2.7 KB
#5473 WriteAndFlushEnrichedTraces net472 834μs 510ns 1.98μs 0.411 0 0 3.3 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 170μs 178ns 690ns 0.253 0 0 18.49 KB
master SendRequest netcoreapp3.1 190μs 160ns 599ns 0.189 0 0 20.65 KB
master SendRequest net472 0ns 0ns 0ns 0 0 0 0 b
#5473 SendRequest net6.0 171μs 183ns 707ns 0.258 0 0 18.49 KB
#5473 SendRequest netcoreapp3.1 192μs 366ns 1.42μs 0.192 0 0 20.65 KB
#5473 SendRequest net472 0.000978ns 0.00045ns 0.00174ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 542μs 996ns 3.86μs 0.546 0 0 41.57 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 652μs 1.75μs 6.78μs 0.329 0 0 41.83 KB
master WriteAndFlushEnrichedTraces net472 866μs 3.45μs 13.4μs 8.13 2.57 0.428 53.25 KB
#5473 WriteAndFlushEnrichedTraces net6.0 546μs 502ns 1.88μs 0.541 0 0 41.62 KB
#5473 WriteAndFlushEnrichedTraces netcoreapp3.1 648μs 1.92μs 7.45μs 0.326 0 0 41.68 KB
#5473 WriteAndFlushEnrichedTraces net472 849μs 2.73μs 10.6μs 8.45 2.53 0.422 53.25 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.14μs 0.482ns 1.87ns 0.0114 0 0 808 B
master ExecuteNonQuery netcoreapp3.1 1.5μs 3.69ns 14.3ns 0.0104 0 0 808 B
master ExecuteNonQuery net472 1.78μs 1.51ns 5.65ns 0.122 0 0 770 B
#5473 ExecuteNonQuery net6.0 1.13μs 0.251ns 0.938ns 0.0113 0 0 808 B
#5473 ExecuteNonQuery netcoreapp3.1 1.54μs 1.12ns 4.35ns 0.0108 0 0 808 B
#5473 ExecuteNonQuery net472 1.81μs 0.801ns 3.1ns 0.122 0 0 770 B
Benchmarks.Trace.ElasticsearchBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.28μs 0.652ns 2.44ns 0.0147 0 0 1.03 KB
master CallElasticsearch netcoreapp3.1 1.61μs 0.988ns 3.7ns 0.0139 0 0 1.03 KB
master CallElasticsearch net472 2.56μs 2.18ns 8.15ns 0.165 0 0 1.04 KB
master CallElasticsearchAsync net6.0 1.38μs 0.829ns 3.1ns 0.0137 0 0 1.01 KB
master CallElasticsearchAsync netcoreapp3.1 1.75μs 0.558ns 2.09ns 0.015 0 0 1.08 KB
master CallElasticsearchAsync net472 2.69μs 2.59ns 9.33ns 0.175 0.00134 0 1.1 KB
#5473 CallElasticsearch net6.0 1.28μs 0.587ns 2.12ns 0.0142 0 0 1.03 KB
#5473 CallElasticsearch netcoreapp3.1 1.63μs 0.908ns 3.4ns 0.0139 0 0 1.03 KB
#5473 CallElasticsearch net472 2.46μs 1.22ns 4.24ns 0.166 0 0 1.04 KB
#5473 CallElasticsearchAsync net6.0 1.34μs 0.624ns 2.42ns 0.0141 0 0 1.01 KB
#5473 CallElasticsearchAsync netcoreapp3.1 1.74μs 0.9ns 3.49ns 0.0139 0 0 1.08 KB
#5473 CallElasticsearchAsync net472 2.6μs 0.698ns 2.52ns 0.174 0 0 1.1 KB
Benchmarks.Trace.GraphQLBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.26μs 0.394ns 1.48ns 0.0134 0 0 952 B
master ExecuteAsync netcoreapp3.1 1.74μs 0.952ns 3.69ns 0.0127 0 0 952 B
master ExecuteAsync net472 1.79μs 0.595ns 2.3ns 0.145 0.000895 0 915 B
#5473 ExecuteAsync net6.0 1.29μs 0.732ns 2.83ns 0.0136 0 0 952 B
#5473 ExecuteAsync netcoreapp3.1 1.72μs 0.982ns 3.8ns 0.0129 0 0 952 B
#5473 ExecuteAsync net472 1.83μs 2.25ns 8.73ns 0.145 0 0 915 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.2μs 2.33ns 9.02ns 0.0317 0 0 2.27 KB
master SendAsync netcoreapp3.1 5.35μs 1.48ns 5.55ns 0.0374 0 0 2.81 KB
master SendAsync net472 7.92μs 3.39ns 12.7ns 0.503 0 0 3.18 KB
#5473 SendAsync net6.0 4.28μs 1.76ns 6.58ns 0.0323 0 0 2.27 KB
#5473 SendAsync netcoreapp3.1 5.18μs 4.29ns 16.1ns 0.0389 0 0 2.81 KB
#5473 SendAsync net472 7.83μs 2.22ns 8.29ns 0.502 0 0 3.18 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.62μs 1.76ns 6.6ns 0.0241 0 0 1.7 KB
master EnrichedLog netcoreapp3.1 2.3μs 0.637ns 2.38ns 0.0223 0 0 1.7 KB
master EnrichedLog net472 2.66μs 1.33ns 4.78ns 0.256 0 0 1.62 KB
#5473 EnrichedLog net6.0 1.5μs 2.63ns 10.2ns 0.0241 0 0 1.7 KB
#5473 EnrichedLog netcoreapp3.1 2.1μs 0.891ns 3.33ns 0.0234 0 0 1.7 KB
#5473 EnrichedLog net472 2.65μs 5.02ns 19.4ns 0.258 0 0 1.62 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 113μs 191ns 741ns 0.0572 0 0 4.28 KB
master EnrichedLog netcoreapp3.1 120μs 133ns 514ns 0 0 0 4.28 KB
master EnrichedLog net472 149μs 166ns 622ns 0.665 0.222 0 4.46 KB
#5473 EnrichedLog net6.0 115μs 150ns 581ns 0.0566 0 0 4.28 KB
#5473 EnrichedLog netcoreapp3.1 118μs 152ns 588ns 0.0589 0 0 4.28 KB
#5473 EnrichedLog net472 151μs 253ns 981ns 0.671 0.224 0 4.46 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 3.02μs 1.34ns 5.01ns 0.0316 0 0 2.25 KB
master EnrichedLog netcoreapp3.1 4.24μs 2.08ns 7.8ns 0.0297 0 0 2.25 KB
master EnrichedLog net472 4.79μs 1.93ns 7.47ns 0.327 0 0 2.07 KB
#5473 EnrichedLog net6.0 2.92μs 1.18ns 4.57ns 0.0307 0 0 2.25 KB
#5473 EnrichedLog netcoreapp3.1 4.37μs 1.26ns 4.88ns 0.031 0 0 2.25 KB
#5473 EnrichedLog net472 4.82μs 2.72ns 10.5ns 0.327 0 0 2.07 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.46μs 0.892ns 3.34ns 0.0168 0 0 1.2 KB
master SendReceive netcoreapp3.1 1.9μs 6.06ns 23.5ns 0.0159 0 0 1.2 KB
master SendReceive net472 2.27μs 3.7ns 14.3ns 0.191 0 0 1.2 KB
#5473 SendReceive net6.0 1.39μs 0.665ns 2.49ns 0.0166 0 0 1.2 KB
#5473 SendReceive netcoreapp3.1 1.95μs 1.16ns 4.5ns 0.0161 0 0 1.2 KB
#5473 SendReceive net472 2.33μs 1.73ns 6.48ns 0.19 0 0 1.2 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.78μs 0.951ns 3.68ns 0.0223 0 0 1.6 KB
master EnrichedLog netcoreapp3.1 3.9μs 2.78ns 10.7ns 0.0213 0 0 1.65 KB
master EnrichedLog net472 4.61μs 3.34ns 13ns 0.322 0 0 2.04 KB
#5473 EnrichedLog net6.0 2.8μs 0.867ns 3.24ns 0.0225 0 0 1.6 KB
#5473 EnrichedLog netcoreapp3.1 3.87μs 1.19ns 4.6ns 0.0212 0 0 1.65 KB
#5473 EnrichedLog net472 4.44μs 2.06ns 7.71ns 0.323 0 0 2.04 KB
Benchmarks.Trace.SpanBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 599ns 0.333ns 1.25ns 0.00802 0 0 576 B
master StartFinishSpan netcoreapp3.1 829ns 0.18ns 0.651ns 0.00782 0 0 576 B
master StartFinishSpan net472 800ns 0.208ns 0.804ns 0.0915 0 0 578 B
master StartFinishScope net6.0 605ns 0.207ns 0.775ns 0.00973 0 0 696 B
master StartFinishScope netcoreapp3.1 875ns 0.293ns 1.01ns 0.00922 0 0 696 B
master StartFinishScope net472 1.01μs 0.568ns 2.05ns 0.104 0 0 658 B
#5473 StartFinishSpan net6.0 553ns 0.331ns 1.24ns 0.00809 0 0 576 B
#5473 StartFinishSpan netcoreapp3.1 826ns 0.26ns 0.974ns 0.00744 0 0 576 B
#5473 StartFinishSpan net472 760ns 0.371ns 1.44ns 0.0915 0 0 578 B
#5473 StartFinishScope net6.0 552ns 0.191ns 0.714ns 0.00984 0 0 696 B
#5473 StartFinishScope netcoreapp3.1 939ns 4.95ns 24.3ns 0.00898 0 0 696 B
#5473 StartFinishScope net472 1.01μs 0.501ns 1.94ns 0.104 0 0 658 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 631ns 0.487ns 1.89ns 0.00958 0 0 696 B
master RunOnMethodBegin netcoreapp3.1 940ns 0.807ns 3.13ns 0.00917 0 0 696 B
master RunOnMethodBegin net472 1.06μs 0.405ns 1.57ns 0.104 0 0 658 B
#5473 RunOnMethodBegin net6.0 613ns 1.83ns 7.1ns 0.00967 0 0 696 B
#5473 RunOnMethodBegin netcoreapp3.1 1μs 1.36ns 5.27ns 0.00954 0 0 696 B
#5473 RunOnMethodBegin net472 1.14μs 3.35ns 12.1ns 0.104 0 0 658 B

@andrewlock
Copy link
Member

andrewlock commented Apr 19, 2024
edited
Loading

Benchmarks Report for appsec 🐌

Benchmarks for #5473 compared to master:

  • All benchmarks have the same speed
  • 1 benchmarks have fewer allocations
  • 1 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.Asm.AppSecBodyBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 72.2μs 71.7ns 268ns 0.0719 0 0 6 KB
master AllCycleSimpleBody netcoreapp3.1 61.5μs 62.1ns 232ns 0.0912 0 0 6.94 KB
master AllCycleSimpleBody net472 47.9μs 78.3ns 293ns 1.32 0 0 8.33 KB
master AllCycleMoreComplexBody net6.0 77.4μs 83.8ns 314ns 0.116 0 0 9.5 KB
master AllCycleMoreComplexBody netcoreapp3.1 68.4μs 74.1ns 287ns 0.137 0 0 10.36 KB
master AllCycleMoreComplexBody net472 54.5μs 86.4ns 335ns 1.86 0.0273 0 11.84 KB
master ObjectExtractorSimpleBody net6.0 143ns 0.0923ns 0.345ns 0.00391 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 210ns 0.615ns 2.38ns 0.00367 0 0 272 B
master ObjectExtractorSimpleBody net472 169ns 0.256ns 0.991ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.02μs 1.46ns 5.26ns 0.0532 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 4.04μs 1.96ns 7.6ns 0.0506 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 3.76μs 2.08ns 7.49ns 0.602 0.00563 0 3.8 KB
#5473 AllCycleSimpleBody net6.0 71.5μs 185ns 715ns 0.0707 0 0 6 KB
#5473 AllCycleSimpleBody netcoreapp3.1 63.6μs 105ns 406ns 0.0945 0 0 6.94 KB
#5473 AllCycleSimpleBody net472 47.4μs 67.9ns 254ns 1.32 0 0 8.33 KB
#5473 AllCycleMoreComplexBody net6.0 77.2μs 122ns 439ns 0.117 0 0 9.5 KB
#5473 AllCycleMoreComplexBody netcoreapp3.1 70.4μs 91ns 353ns 0.14 0 0 10.36 KB
#5473 AllCycleMoreComplexBody net472 54.3μs 46.4ns 173ns 1.87 0.0271 0 11.84 KB
#5473 ObjectExtractorSimpleBody net6.0 137ns 0.181ns 0.7ns 0.00393 0 0 280 B
#5473 ObjectExtractorSimpleBody netcoreapp3.1 205ns 0.197ns 0.736ns 0.00379 0 0 272 B
#5473 ObjectExtractorSimpleBody net472 167ns 0.375ns 1.3ns 0.0446 0 0 281 B
#5473 ObjectExtractorMoreComplexBody net6.0 3.07μs 2.5ns 9.35ns 0.0522 0 0 3.78 KB
#5473 ObjectExtractorMoreComplexBody netcoreapp3.1 3.97μs 4.88ns 18.9ns 0.0514 0 0 3.69 KB
#5473 ObjectExtractorMoreComplexBody net472 3.79μs 2.58ns 9.66ns 0.602 0.00566 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 41.2μs 29.7ns 115ns 0.457 0 0 32.4 KB
master EncodeArgs netcoreapp3.1 55.4μs 19.4ns 75.1ns 0.443 0 0 32.4 KB
master EncodeArgs net472 68.3μs 42.2ns 164ns 5.16 0.0688 0 32.5 KB
master EncodeLegacyArgs net6.0 75.3μs 410ns 2.25μs 0 0 0 2.14 KB
master EncodeLegacyArgs netcoreapp3.1 106μs 289ns 1.12μs 0 0 0 2.14 KB
master EncodeLegacyArgs net472 151μs 78.7ns 284ns 0.301 0 0 2.15 KB
#5473 EncodeArgs net6.0 39.4μs 26.6ns 95.7ns 0.453 0 0 32.4 KB
#5473 EncodeArgs netcoreapp3.1 56.1μs 38.3ns 148ns 0.442 0 0 32.4 KB
#5473 EncodeArgs net472 68.6μs 89.3ns 346ns 5.15 0.0682 0 32.5 KB
#5473 EncodeLegacyArgs net6.0 76.6μs 428ns 2.9μs 0 0 0 2.14 KB
#5473 EncodeLegacyArgs netcoreapp3.1 106μs 363ns 1.41μs 0 0 0 2.14 KB
#5473 EncodeLegacyArgs net472 153μs 372ns 1.39μs 0.303 0 0 2.15 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 187μs 146ns 566ns 0 0 0 2.34 KB
master RunWafRealisticBenchmark netcoreapp3.1 200μs 210ns 812ns 0 0 0 2.3 KB
master RunWafRealisticBenchmark net472 218μs 67.3ns 261ns 0.327 0 0 2.36 KB
master RunWafRealisticBenchmarkWithAttack net6.0 124μs 123ns 478ns 0 0 0 1.44 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 132μs 88.6ns 332ns 0 0 0 1.42 KB
master RunWafRealisticBenchmarkWithAttack net472 143μs 86.4ns 335ns 0.214 0 0 1.45 KB
#5473 RunWafRealisticBenchmark net6.0 189μs 92.6ns 359ns 0 0 0 2.34 KB
#5473 RunWafRealisticBenchmark netcoreapp3.1 198μs 150ns 560ns 0 0 0 2.3 KB
#5473 RunWafRealisticBenchmark net472 218μs 116ns 433ns 0.326 0 0 2.36 KB
#5473 RunWafRealisticBenchmarkWithAttack net6.0 124μs 81.5ns 316ns 0 0 0 1.44 KB
#5473 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 132μs 149ns 576ns 0 0 0 1.42 KB
#5473 RunWafRealisticBenchmarkWithAttack net472 142μs 46ns 172ns 0.214 0 0 1.45 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #5473

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑netcoreapp3.1 203.51 KB 211.95 KB 8.44 KB 4.15%

Fewer allocations 🎉 in #5473

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net6.0 215.61 KB 213.94 KB -1.66 KB -0.77%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 60.4μs 757ns 7.49μs 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 62.7μs 847ns 8.47μs 0 0 0 42.64 KB
master StringConcatBenchmark net472 37.6μs 74.3ns 257ns 0 0 0 61.87 KB
master StringConcatAspectBenchmark net6.0 303μs 1.31μs 8.09μs 0 0 0 215.61 KB
master StringConcatAspectBenchmark netcoreapp3.1 307μs 1.42μs 5.13μs 0 0 0 203.51 KB
master StringConcatAspectBenchmark net472 264μs 4.87μs 46.4μs 0 0 0 221.18 KB
#5473 StringConcatBenchmark net6.0 60.8μs 931ns 9.31μs 0 0 0 43.44 KB
#5473 StringConcatBenchmark netcoreapp3.1 61.4μs 907ns 8.8μs 0 0 0 42.64 KB
#5473 StringConcatBenchmark net472 37.2μs 80.8ns 302ns 0 0 0 61.82 KB
#5473 StringConcatAspectBenchmark net6.0 290μs 1.29μs 4.83μs 0 0 0 213.94 KB
#5473 StringConcatAspectBenchmark netcoreapp3.1 310μs 1.42μs 7.37μs 0 0 0 211.95 KB
#5473 StringConcatAspectBenchmark net472 238μs 3.07μs 30μs 0 0 0 221.18 KB

daniel-romano-DD
daniel-romano-DD approved these changes Apr 22, 2024
View reviewed changes
Copy link
Contributor

@daniel-romano-DD daniel-romano-DD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Thank you

@andrewlock
Copy link
Member

andrewlock commented Apr 22, 2024
edited
Loading

Throughput/Crank Report:zap:

Throughput results for AspNetCoreSimpleController comparing the following branches/commits:

Cases where throughput results for the PR are worse than latest master (5% drop or greater), results are shown in red.

Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards!

gantt
    title Throughput Linux x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5473) (11.477M)   : 0, 11477354
    master (11.692M)   : 0, 11692244
    benchmarks/2.9.0 (11.965M)   : 0, 11965184

    section Automatic
    This PR (5473) (7.673M)   : 0, 7673264
    master (7.853M)   : 0, 7853275
    benchmarks/2.9.0 (8.522M)   : 0, 8521981

    section Trace stats
    master (8.249M)   : 0, 8248908

    section Manual
    This PR (5473) (10.167M)   : 0, 10166539
    master (10.073M)   : 0, 10072568

    section Manual + Automatic
    This PR (5473) (7.460M)   : 0, 7460287
    master (7.364M)   : 0, 7363516

    section Version Conflict
    master (6.579M)   : 0, 6579336
Loading 
gantt
    title Throughput Linux arm64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5473) (9.510M)   : 0, 9510397
    master (9.426M)   : 0, 9426051
    benchmarks/2.9.0 (9.684M)   : 0, 9683662

    section Automatic
    This PR (5473) (6.363M)   : 0, 6363153
    master (6.685M)   : 0, 6684971

    section Trace stats
    master (6.782M)   : 0, 6781528

    section Manual
    This PR (5473) (8.235M)   : 0, 8235370
    master (8.176M)   : 0, 8176096

    section Manual + Automatic
    This PR (5473) (6.171M)   : 0, 6170650
    master (6.104M)   : 0, 6104327

    section Version Conflict
    master (5.580M)   : 0, 5580419
Loading 
gantt
    title Throughput Windows x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5473) (9.942M)   : 0, 9941920
    master (9.405M)   : 0, 9405155
    benchmarks/2.9.0 (9.684M)   : 0, 9683680

    section Automatic
    This PR (5473) (6.881M)   : 0, 6880532
    master (6.833M)   : 0, 6832698
    benchmarks/2.9.0 (7.178M)   : 0, 7177843

    section Trace stats
    master (7.114M)   : 0, 7113893

    section Manual
    This PR (5473) (8.461M)   : 0, 8461092
    master (8.420M)   : 0, 8420465

    section Manual + Automatic
    This PR (5473) (6.616M)   : 0, 6615788
    master (6.522M)   : 0, 6521941

    section Version Conflict
    master (5.925M)   : 0, 5924905
Loading

@e-n-0 e-n-0 force-pushed the flavien/asm/iast/grpc_source branch 2 times, most recently from 2ec8010 to 696bf39 Compare April 23, 2024 13:20
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/grpc_source branch 7 times, most recently from 9f32463 to 8b5e57d Compare May 3, 2024 12:52
andrewlock
andrewlock approved these changes May 3, 2024
View reviewed changes
Copy link
Member

@andrewlock andrewlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

tracer/test/Datadog.Trace.Security.IntegrationTests/IAST/Grpc/GrpcDotNetTests.cs Show resolved Hide resolved
tracer/test/Datadog.Trace.Security.IntegrationTests/IAST/Grpc/GrpcDotNetTests.cs Outdated Show resolved Hide resolved
tonyredondo and others added 19 commits May 6, 2024 17:51
@tonyredondo @e-n-0
revert
c66e46c
@e-n-0
Add instrumentation on grpc request object + Visitor to track strings…
31bf8db 
… and taint them
@e-n-0
Add new sample + integration test
0b9d07b
@e-n-0
Add grpc Source Type
ec8fb60
@e-n-0
Update Sample to add more tests
c5a3481
@e-n-0
Add problematic instrumentation
b04b8db
@e-n-0
Implement new instrumentation for reading grpc messages strings
077ee83
@e-n-0
Move Sample + Working integration tests
3c5e7e3
@e-n-0
Add the missing telemetry
a43b2a7
@e-n-0
Revert debug on triming file
74acca3
@e-n-0
Remove Security Sample
f67a813
@e-n-0
Update integration tests on existing APM sample
60a01b6
@e-n-0
Lower the minimum version of Google.Protobuf to support older versions
5570cb5
@e-n-0
Missing integration in the group
b5c5816
@e-n-0
Exclude net fx
7409458
@e-n-0
Skip build on unsupported
471dce6
@e-n-0
Update snapshot with deduplication enabled
038fd0e
@e-n-0
Scrub location
6927c7a
@e-n-0
Applied comments
aecb079
@e-n-0 e-n-0 force-pushed the flavien/asm/iast/grpc_source branch from daf703e to aecb079 Compare May 6, 2024 16:01
@e-n-0 e-n-0 merged commit 5abac7c into master May 7, 2024
60 checks passed
@e-n-0 e-n-0 deleted the flavien/asm/iast/grpc_source branch May 7, 2024 08:48
@github-actions github-actions bot added this to the vNext-v2 milestone May 7, 2024
tonyredondo added a commit that referenced this pull request May 10, 2024
@e-n-0 @tonyredondo
[ASM][IAST] Add source tainting for Grpc (#5473)
7aad726 
* Initial commit with the CallTargetRefStruct.cs readonly struct

* Managed test

* Native code implementation

* fixes

* Fixes and test suite

* revert

* Add instrumentation on grpc request object + Visitor to track strings and taint them

* Add new sample + integration test

* Add grpc Source Type

* Update Sample to add more tests

* Add problematic instrumentation

* Implement new instrumentation for reading grpc messages strings

* Move Sample + Working integration tests

* Add the missing telemetry

* Revert debug on triming file

* Remove Security Sample

* Update integration tests on existing APM sample

* Lower the minimum version of Google.Protobuf to support older versions

* Missing integration in the group

* Exclude net fx

* Skip build on unsupported

* Update snapshot with deduplication enabled

* Scrub location

* Applied comments

---------

Co-authored-by: Tony Redondo <tony.redondo@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniel-romano-DD daniel-romano-DD daniel-romano-DD approved these changes

@andrewlock andrewlock andrewlock approved these changes

Assignees

@e-n-0 e-n-0

Labels
area:asm
Projects
None yet
Milestone
2.52.0
Development

Successfully merging this pull request may close these issues.
4 participants
@e-n-0 @andrewlock @daniel-romano-DD @tonyredondo