[ASM] Attacker fingerprint #5982

Merged
merged 19 commits into from
Sep 17, 2024

Contributor

@NachoEchevarria NachoEchevarria commented Sep 4, 2024

Summary of changes

Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user. Fingerprinting can be performed in many contexts with different data sets, such as the browser, which can provide the algorithm with specific data about the user’s software and hardware stack, or the server, which typically provides data at the different levels of the network stack.

This PR contains the implementation of the attacker fingerprint feature described in this RFC.

Reason for change

Implementation details

There are two small issues detected that seem related to the WAF:
  • If we don't send the request body, no endpoint fingerprint (_dd.appsec.fp.http.endpoint) is generated.
  • The agent header fingerprint is not generated if we send a value in a dictionary instead of a regular string.

These issues will be discussed with the libdwaf team.

Test coverage

Some unit tests have been added.

Since this feature will be enabled by default and, in order to cover different situations while not impacting the CI performance, the ASM integration tests have been modified to include the fingerprint in the snapshots.

Other details

Contributor

github-actions bot commented Sep 4, 2024

Snapshots difference summary

The following differences have been observed in committed snapshots. It is meant to help the reviewer.
The diff is simplistic, so please check some files anyway while we improve it.

101 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63,
+      _dd.appsec.fp.http.network: net-0-1000000000,

28 occurrences of :

+      http.request.headers.accept-language: en_UK,

6 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a,
+      _dd.appsec.fp.http.network: net-0-1000000000,

17 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738,
+      _dd.appsec.fp.http.network: net-0-1000000000,

14 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a,
+      _dd.appsec.fp.http.network: net-0-1000000000,

17 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738,
+      _dd.appsec.fp.http.network: net-0-1000000000,

2 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

8 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe,
+      _dd.appsec.fp.http.network: net-0-1000000000,

2 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

8 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63,
+      _dd.appsec.fp.http.network: net-0-1000000000,

35 occurrences of :

+      _dd.appsec.fp.http.header: <HeaderPrint>
+      _dd.appsec.fp.http.network: net-0-1000000000,

1 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000010--1-4740ae63,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

1 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0100000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

4 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

74 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0000000000--3-98425651,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

1 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

4 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

2 occurrences of :

+      _dd.appsec.fp.http.header: hdr-0100000000--3-98425651,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

5 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe,
+      _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311,
+      _dd.appsec.fp.http.network: net-0-1000000000,

1 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe,
+      _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

4 occurrences of :

+      _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe,
+      _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2,
+      _dd.appsec.fp.http.network: net-0-1000000000,

@NachoEchevarria NachoEchevarria changed the title Nacho/attacker fingerprint [ASM] Attacker fingerprint Sep 4, 2024

datadog-ddstaging bot commented Sep 4, 2024

Datadog Report

Branch report: nacho/AttackerFingerprint
Commit report: 3472074
Test service: dd-trace-dotnet

✅ 0 Failed, 468238 Passed, 3234 Skipped, 31h 44m 43.02s Total Time

Member

andrewlock commented Sep 4, 2024

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program, and are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (69ms)  : 67, 72
     .   : milestone, 69,
    master - mean (69ms)  : 67, 72
     .   : milestone, 69,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (1,115ms)  : 1093, 1137
     .   : milestone, 1115,
    master - mean (1,117ms)  : 1090, 1144
     .   : milestone, 1117,

gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (108ms)  : 105, 111
     .   : milestone, 108,
    master - mean (109ms)  : 105, 114
     .   : milestone, 109,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (812ms)  : 794, 830
     .   : milestone, 812,
    master - mean (812ms)  : 784, 840
     .   : milestone, 812,

gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (91ms)  : 90, 93
     .   : milestone, 91,
    master - mean (93ms)  : 88, 99
     .   : milestone, 93,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (765ms)  : 744, 787
     .   : milestone, 765,
    master - mean (764ms)  : 739, 788
     .   : milestone, 764,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (190ms)  : 187, 194
     .   : milestone, 190,
    master - mean (190ms)  : 187, 194
     .   : milestone, 190,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (1,198ms)  : 1170, 1226
     .   : milestone, 1198,
    master - mean (1,194ms)  : 1172, 1217
     .   : milestone, 1194,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (276ms)  : 272, 281
     .   : milestone, 276,
    master - mean (277ms)  : 272, 283
     .   : milestone, 277,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (964ms)  : 943, 985
     .   : milestone, 964,
    master - mean (969ms)  : 949, 989
     .   : milestone, 969,

gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (5982) - mean (265ms)  : 261, 268
     .   : milestone, 265,
    master - mean (265ms)  : 260, 269
     .   : milestone, 265,

    section CallTarget+Inlining+NGEN
    This PR (5982) - mean (950ms)  : 928, 972
     .   : milestone, 950,
    master - mean (946ms)  : 922, 970
     .   : milestone, 946,


Member

andrewlock commented Sep 4, 2024

Benchmarks Report for appsec 🐌

Benchmarks for #5982 compared to master:

  • 2 benchmarks are faster, with geometric mean 1.155
  • 6 benchmarks have more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.Asm.AppSecBodyBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #5982

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorMoreComplexBody‑net472 1.161 4,892.42 4,213.72
Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorSimpleBody‑netcoreapp3.1 1.149 226.93 197.56

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 73μs 113ns 440ns 0.0731 0 0 6.01 KB
master AllCycleSimpleBody netcoreapp3.1 62.4μs 111ns 429ns 0.0939 0 0 6.95 KB
master AllCycleSimpleBody net472 49.6μs 51.6ns 193ns 1.31 0 0 8.34 KB
master AllCycleMoreComplexBody net6.0 78.3μs 80.1ns 278ns 0.118 0 0 9.51 KB
master AllCycleMoreComplexBody netcoreapp3.1 69.8μs 95.6ns 370ns 0.138 0 0 10.36 KB
master AllCycleMoreComplexBody net472 57.1μs 83.7ns 313ns 1.88 0.0285 0 11.85 KB
master ObjectExtractorSimpleBody net6.0 147ns 0.298ns 1.15ns 0.00391 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 227ns 0.175ns 0.68ns 0.00367 0 0 272 B
master ObjectExtractorSimpleBody net472 211ns 0.126ns 0.471ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.11μs 1.62ns 5.83ns 0.053 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 4.02μs 3.03ns 11.7ns 0.0503 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 4.89μs 12.7ns 49.1ns 0.602 0.00488 0 3.8 KB
#5982 AllCycleSimpleBody net6.0 72.9μs 95ns 368ns 0.0728 0 0 6.01 KB
#5982 AllCycleSimpleBody netcoreapp3.1 62.3μs 134ns 519ns 0.093 0 0 6.95 KB
#5982 AllCycleSimpleBody net472 48.5μs 50.1ns 194ns 1.32 0 0 8.34 KB
#5982 AllCycleMoreComplexBody net6.0 78.4μs 81.8ns 295ns 0.119 0 0 9.51 KB
#5982 AllCycleMoreComplexBody netcoreapp3.1 70.4μs 118ns 457ns 0.141 0 0 10.37 KB
#5982 AllCycleMoreComplexBody net472 57μs 102ns 394ns 1.86 0.0282 0 11.85 KB
#5982 ObjectExtractorSimpleBody net6.0 155ns 0.387ns 1.5ns 0.00395 0 0 280 B
#5982 ObjectExtractorSimpleBody netcoreapp3.1 198ns 0.428ns 1.54ns 0.00374 0 0 272 B
#5982 ObjectExtractorSimpleBody net472 224ns 0.363ns 1.41ns 0.0446 0 0 281 B
#5982 ObjectExtractorMoreComplexBody net6.0 3.16μs 11.6ns 45ns 0.053 0 0 3.78 KB
#5982 ObjectExtractorMoreComplexBody netcoreapp3.1 3.94μs 2.87ns 10.7ns 0.0494 0 0 3.69 KB
#5982 ObjectExtractorMoreComplexBody net472 4.22μs 5.52ns 19.9ns 0.603 0.00633 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 38.1μs 24.6ns 95.5ns 0.458 0 0 32.4 KB
master EncodeArgs netcoreapp3.1 55.2μs 38.8ns 150ns 0.446 0 0 32.4 KB
master EncodeArgs net472 65.5μs 48.3ns 181ns 5.14 0.065 0 32.5 KB
master EncodeLegacyArgs net6.0 79.2μs 127ns 493ns 0 0 0 2.14 KB
master EncodeLegacyArgs netcoreapp3.1 105μs 92.5ns 346ns 0 0 0 2.14 KB
master EncodeLegacyArgs net472 151μs 143ns 555ns 0.303 0 0 2.15 KB
#5982 EncodeArgs net6.0 37.3μs 52.2ns 202ns 0.45 0 0 32.4 KB
#5982 EncodeArgs netcoreapp3.1 54.1μs 19ns 71.2ns 0.431 0 0 32.4 KB
#5982 EncodeArgs net472 66μs 36.2ns 130ns 5.14 0.0659 0 32.5 KB
#5982 EncodeLegacyArgs net6.0 74.4μs 423ns 3.08μs 0 0 0 2.14 KB
#5982 EncodeLegacyArgs netcoreapp3.1 104μs 134ns 519ns 0 0 0 2.14 KB
#5982 EncodeLegacyArgs net472 152μs 142ns 549ns 0.301 0 0 2.15 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #5982

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmark‑net472 2.43 KB 2.46 KB 26 B 1.07%
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmark‑netcoreapp3.1 2.37 KB 2.39 KB 24 B 1.01%
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmark‑net6.0 2.42 KB 2.44 KB 24 B 0.99%
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmarkWithAttack‑netcoreapp3.1 1.45 KB 1.46 KB 9 B 0.62%
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmarkWithAttack‑net6.0 1.46 KB 1.47 KB 8 B 0.55%
Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmarkWithAttack‑net472 1.48 KB 1.49 KB 8 B 0.54%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 185μs 100ns 388ns 0 0 0 2.42 KB
master RunWafRealisticBenchmark netcoreapp3.1 199μs 223ns 863ns 0 0 0 2.37 KB
master RunWafRealisticBenchmark net472 211μs 49ns 190ns 0.312 0 0 2.43 KB
master RunWafRealisticBenchmarkWithAttack net6.0 123μs 33.6ns 121ns 0 0 0 1.46 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 131μs 246ns 919ns 0 0 0 1.45 KB
master RunWafRealisticBenchmarkWithAttack net472 139μs 51ns 197ns 0.209 0 0 1.48 KB
#5982 RunWafRealisticBenchmark net6.0 183μs 116ns 450ns 0 0 0 2.44 KB
#5982 RunWafRealisticBenchmark netcoreapp3.1 198μs 182ns 704ns 0 0 0 2.39 KB
#5982 RunWafRealisticBenchmark net472 213μs 93ns 360ns 0.32 0 0 2.46 KB
#5982 RunWafRealisticBenchmarkWithAttack net6.0 126μs 34.9ns 121ns 0 0 0 1.47 KB
#5982 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 133μs 119ns 446ns 0 0 0 1.46 KB
#5982 RunWafRealisticBenchmarkWithAttack net472 143μs 39.6ns 153ns 0.214 0 0 1.49 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 61.3μs 799ns 7.95μs 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 64.4μs 864ns 8.6μs 0 0 0 42.64 KB
master StringConcatBenchmark net472 38.9μs 203ns 1.01μs 0 0 0 57.26 KB
master StringConcatAspectBenchmark net6.0 345μs 5.04μs 47.8μs 0 0 0 267.41 KB
master StringConcatAspectBenchmark netcoreapp3.1 361μs 2.43μs 22.9μs 0 0 0 254.96 KB
master StringConcatAspectBenchmark net472 295μs 5.93μs 58.1μs 0 0 0 278.53 KB
#5982 StringConcatBenchmark net6.0 62.9μs 766ns 7.47μs 0 0 0 43.44 KB
#5982 StringConcatBenchmark netcoreapp3.1 61.8μs 948ns 9.34μs 0 0 0 42.64 KB
#5982 StringConcatBenchmark net472 37.7μs 164ns 615ns 0 0 0 57.34 KB
#5982 StringConcatAspectBenchmark net6.0 326μs 1.76μs 10.7μs 0 0 0 266.54 KB
#5982 StringConcatAspectBenchmark netcoreapp3.1 341μs 1.86μs 10.8μs 0 0 0 254.22 KB
#5982 StringConcatAspectBenchmark net472 285μs 5.61μs 53.8μs 0 0 0 278.53 KB

Member

andrewlock commented Sep 4, 2024

Benchmarks Report for tracer 🐌

Benchmarks for #5982 compared to master:

  • 1 benchmarks are slower, with geometric mean 1.141
  • All benchmarks have the same allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 7.78μs 44.5ns 324ns 0.0112 0.00374 0 5.43 KB
master StartStopWithChild netcoreapp3.1 9.85μs 43.4ns 157ns 0.0143 0.00476 0 5.62 KB
master StartStopWithChild net472 16.1μs 33ns 123ns 1.03 0.313 0.102 6.06 KB
#5982 StartStopWithChild net6.0 7.82μs 44.2ns 303ns 0.0118 0.00394 0 5.43 KB
#5982 StartStopWithChild netcoreapp3.1 9.93μs 53.4ns 287ns 0.024 0.00959 0 5.62 KB
#5982 StartStopWithChild net472 15.9μs 57.7ns 224ns 1.03 0.318 0.0955 6.07 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 481μs 158ns 549ns 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 625μs 304ns 1.18μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 844μs 342ns 1.33μs 0.419 0 0 3.3 KB
#5982 WriteAndFlushEnrichedTraces net6.0 477μs 245ns 918ns 0 0 0 2.7 KB
#5982 WriteAndFlushEnrichedTraces netcoreapp3.1 632μs 284ns 1.03μs 0 0 0 2.7 KB
#5982 WriteAndFlushEnrichedTraces net472 837μs 682ns 2.64μs 0.414 0 0 3.3 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 203μs 1.17μs 9.62μs 0.197 0 0 18.45 KB
master SendRequest netcoreapp3.1 225μs 1.29μs 9.79μs 0.216 0 0 20.61 KB
master SendRequest net472 0.00235ns 0.000752ns 0.00291ns 0 0 0 0 b
#5982 SendRequest net6.0 192μs 1.03μs 5.72μs 0.189 0 0 18.45 KB
#5982 SendRequest netcoreapp3.1 221μs 1.28μs 10.9μs 0.231 0 0 20.61 KB
#5982 SendRequest net472 0.000946ns 0.000253ns 0.000913ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 562μs 2.9μs 16.2μs 0.558 0 0 41.65 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 697μs 3.34μs 13.8μs 0.326 0 0 41.87 KB
master WriteAndFlushEnrichedTraces net472 862μs 2.83μs 11μs 8.45 2.53 0.422 53.29 KB
#5982 WriteAndFlushEnrichedTraces net6.0 559μs 2.61μs 12.5μs 0.576 0 0 41.46 KB
#5982 WriteAndFlushEnrichedTraces netcoreapp3.1 679μs 3.2μs 12.8μs 0.342 0 0 41.7 KB
#5982 WriteAndFlushEnrichedTraces net472 856μs 2.85μs 11μs 8.33 2.5 0.417 53.31 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.27μs 0.95ns 3.68ns 0.014 0 0 1.02 KB
master ExecuteNonQuery netcoreapp3.1 1.73μs 1.25ns 4.84ns 0.0131 0 0 1.02 KB
master ExecuteNonQuery net472 2.04μs 2.14ns 8.31ns 0.156 0 0 987 B
#5982 ExecuteNonQuery net6.0 1.29μs 1.34ns 5.19ns 0.0142 0 0 1.02 KB
#5982 ExecuteNonQuery netcoreapp3.1 1.8μs 3.36ns 13ns 0.0134 0 0 1.02 KB
#5982 ExecuteNonQuery net472 2.05μs 1.42ns 5.51ns 0.157 0 0 987 B
Benchmarks.Trace.ElasticsearchBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.23μs 0.454ns 1.7ns 0.0136 0 0 976 B
master CallElasticsearch netcoreapp3.1 1.56μs 1.79ns 6.7ns 0.0132 0 0 976 B
master CallElasticsearch net472 2.61μs 2.1ns 8.13ns 0.158 0.0013 0 995 B
master CallElasticsearchAsync net6.0 1.35μs 0.955ns 3.58ns 0.0135 0 0 952 B
master CallElasticsearchAsync netcoreapp3.1 1.65μs 0.667ns 2.41ns 0.0133 0 0 1.02 KB
master CallElasticsearchAsync net472 2.64μs 1.14ns 4.11ns 0.166 0.00133 0 1.05 KB
#5982 CallElasticsearch net6.0 1.22μs 0.796ns 2.98ns 0.0135 0 0 976 B
#5982 CallElasticsearch netcoreapp3.1 1.5μs 0.691ns 2.59ns 0.0127 0 0 976 B
#5982 CallElasticsearch net472 2.44μs 1.93ns 7.2ns 0.158 0.00123 0 995 B
#5982 CallElasticsearchAsync net6.0 1.3μs 0.611ns 2.29ns 0.0131 0 0 952 B
#5982 CallElasticsearchAsync netcoreapp3.1 1.57μs 0.875ns 3.27ns 0.0134 0 0 1.02 KB
#5982 CallElasticsearchAsync net472 2.65μs 2.99ns 11.6ns 0.166 0 0 1.05 KB
Benchmarks.Trace.GraphQLBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.27μs 1.22ns 4.71ns 0.0133 0 0 952 B
master ExecuteAsync netcoreapp3.1 1.62μs 0.891ns 3.21ns 0.0129 0 0 952 B
master ExecuteAsync net472 1.82μs 2.47ns 9.55ns 0.145 0 0 915 B
#5982 ExecuteAsync net6.0 1.35μs 2.07ns 7.75ns 0.0133 0 0 952 B
#5982 ExecuteAsync netcoreapp3.1 1.56μs 0.574ns 2.15ns 0.0125 0 0 952 B
#5982 ExecuteAsync net472 1.83μs 0.981ns 3.8ns 0.144 0 0 915 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.15μs 0.911ns 3.29ns 0.0312 0 0 2.22 KB
master SendAsync netcoreapp3.1 5.2μs 20.1ns 78ns 0.036 0 0 2.76 KB
master SendAsync net472 7.84μs 1.8ns 6.98ns 0.496 0 0 3.15 KB
#5982 SendAsync net6.0 4.1μs 2.25ns 8.42ns 0.0309 0 0 2.22 KB
#5982 SendAsync netcoreapp3.1 5.03μs 25.8ns 118ns 0.0374 0 0 2.76 KB
#5982 SendAsync net472 7.66μs 1.77ns 6.86ns 0.497 0 0 3.15 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.43μs 0.752ns 2.81ns 0.0229 0 0 1.64 KB
master EnrichedLog netcoreapp3.1 2.25μs 1.17ns 4.36ns 0.0225 0 0 1.64 KB
master EnrichedLog net472 2.53μs 0.603ns 2.26ns 0.25 0 0 1.57 KB
#5982 EnrichedLog net6.0 1.42μs 0.537ns 2.01ns 0.023 0 0 1.64 KB
#5982 EnrichedLog netcoreapp3.1 2.1μs 0.907ns 3.39ns 0.0222 0 0 1.64 KB
#5982 EnrichedLog net472 2.61μs 2.14ns 7.71ns 0.249 0 0 1.57 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 113μs 165ns 594ns 0.0572 0 0 4.28 KB
master EnrichedLog netcoreapp3.1 117μs 98.7ns 382ns 0.0589 0 0 4.28 KB
master EnrichedLog net472 145μs 54.4ns 211ns 0.654 0.218 0 4.46 KB
#5982 EnrichedLog net6.0 116μs 181ns 702ns 0.0577 0 0 4.28 KB
#5982 EnrichedLog netcoreapp3.1 117μs 108ns 419ns 0 0 0 4.28 KB
#5982 EnrichedLog net472 146μs 78.5ns 294ns 0.655 0.218 0 4.46 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 3.04μs 1.35ns 5.05ns 0.0305 0 0 2.2 KB
master EnrichedLog netcoreapp3.1 4.31μs 1.12ns 4.36ns 0.0302 0 0 2.2 KB
master EnrichedLog net472 4.89μs 0.944ns 3.66ns 0.32 0 0 2.02 KB
#5982 EnrichedLog net6.0 3μs 1.15ns 4.14ns 0.0316 0 0 2.2 KB
#5982 EnrichedLog netcoreapp3.1 4.14μs 1.09ns 4.08ns 0.0291 0 0 2.2 KB
#5982 EnrichedLog net472 4.76μs 1.39ns 5.4ns 0.319 0 0 2.02 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.38μs 0.582ns 2.18ns 0.0159 0 0 1.14 KB
master SendReceive netcoreapp3.1 1.77μs 0.981ns 3.8ns 0.015 0 0 1.14 KB
master SendReceive net472 2.07μs 1.26ns 4.86ns 0.183 0.00103 0 1.16 KB
#5982 SendReceive net6.0 1.34μs 1.43ns 5.54ns 0.0161 0 0 1.14 KB
#5982 SendReceive netcoreapp3.1 1.71μs 0.827ns 3.2ns 0.0154 0 0 1.14 KB
#5982 SendReceive net472 2.01μs 1.23ns 4.77ns 0.183 0.001 0 1.16 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.69μs 10.2ns 39.3ns 0.0225 0 0 1.6 KB
master EnrichedLog netcoreapp3.1 4.03μs 1.14ns 4.41ns 0.0221 0 0 1.65 KB
master EnrichedLog net472 4.38μs 3.19ns 12.3ns 0.322 0 0 2.04 KB
#5982 EnrichedLog net6.0 2.81μs 0.889ns 3.44ns 0.0225 0 0 1.6 KB
#5982 EnrichedLog netcoreapp3.1 3.98μs 2.51ns 9.74ns 0.022 0 0 1.65 KB
#5982 EnrichedLog net472 4.34μs 2.33ns 8.73ns 0.322 0 0 2.04 KB
Benchmarks.Trace.SpanBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 412ns 0.227ns 0.819ns 0.00803 0 0 576 B
master StartFinishSpan netcoreapp3.1 579ns 0.265ns 0.99ns 0.00795 0 0 576 B
master StartFinishSpan net472 679ns 0.578ns 2.24ns 0.0918 0 0 578 B
master StartFinishScope net6.0 508ns 0.277ns 1.07ns 0.0097 0 0 696 B
master StartFinishScope netcoreapp3.1 704ns 0.446ns 1.67ns 0.00933 0 0 696 B
master StartFinishScope net472 856ns 1.78ns 6.89ns 0.104 0 0 658 B
#5982 StartFinishSpan net6.0 398ns 0.26ns 1.01ns 0.008 0 0 576 B
#5982 StartFinishSpan netcoreapp3.1 603ns 0.359ns 1.29ns 0.00808 0 0 576 B
#5982 StartFinishSpan net472 752ns 0.773ns 2.99ns 0.0915 0 0 578 B
#5982 StartFinishScope net6.0 475ns 0.375ns 1.45ns 0.00981 0 0 696 B
#5982 StartFinishScope netcoreapp3.1 775ns 0.503ns 1.95ns 0.0092 0 0 696 B
#5982 StartFinishScope net472 922ns 1.03ns 3.98ns 0.104 0 0 658 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #5982

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑netcoreapp3.1 1.141 905.91 1,033.66

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 653ns 0.484ns 1.88ns 0.00979 0 0 696 B
master RunOnMethodBegin netcoreapp3.1 895ns 4.29ns 17.1ns 0.00925 0 0 696 B
master RunOnMethodBegin net472 1.12μs 1.12ns 4.33ns 0.104 0 0 658 B
#5982 RunOnMethodBegin net6.0 598ns 0.275ns 1.07ns 0.00959 0 0 696 B
#5982 RunOnMethodBegin netcoreapp3.1 1.03μs 0.696ns 2.7ns 0.00926 0 0 696 B
#5982 RunOnMethodBegin net472 1.04μs 0.864ns 3.35ns 0.104 0 0 658 B

@@ -41,6 +41,7 @@ public async Task TestBlockedHeader(string test, HttpStatusCode expectedStatusCo
var agent = Fixture.Agent;
var sanitisedUrl = VerifyHelper.SanitisePathsForVerify(url);
var settings = VerifyHelper.GetSpanVerifierSettings(test, (int)expectedStatusCode, sanitisedUrl);
ScrubFingerprintHeaders(settings);
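Review bot: The `ScrubFingerprintHeaders(settings);` call added in `TestBlockedHeader` has no comment at the call site saying why the fingerprint values are scrubbed (judging by the method name) from this snapshot. Add a one-line comment with the reason, and check that the header fingerprint value is still asserted by at least one test whose snapshot is not scrubbed, so a regression in the computed value cannot pass unnoticed.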
Contributor Author

@NachoEchevarria NachoEchevarria Sep 5, 2024

These particular tests share snapshots but they send different headers, resulting in a different fingerprint.

@NachoEchevarria NachoEchevarria marked this pull request as ready for review September 5, 2024 16:00
@NachoEchevarria NachoEchevarria requested review from a team as code owners September 5, 2024 16:00
Contributor

@daniel-romano-DD daniel-romano-DD left a comment

LGTM

Member

andrewlock commented Sep 10, 2024

Throughput/Crank Report ⚡

Throughput results for AspNetCoreSimpleController comparing the following branches/commits:

Cases where throughput results for the PR are worse than latest master (5% drop or greater), results are shown in red.

Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards!

gantt
    title Throughput Linux x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5982) (10.952M)   : 0, 10952357
    master (10.867M)   : 0, 10866655
    benchmarks/2.9.0 (11.081M)   : 0, 11080577

    section Automatic
    This PR (5982) (7.259M)   : 0, 7258635
    master (7.063M)   : 0, 7062638
    benchmarks/2.9.0 (7.732M)   : 0, 7732233

    section Trace stats
    master (7.364M)   : 0, 7364303

    section Manual
    master (10.824M)   : 0, 10823898

    section Manual + Automatic
    This PR (5982) (6.728M)   : 0, 6727852
    master (6.575M)   : 0, 6575042

    section DD_TRACE_ENABLED=0
    master (9.990M)   : 0, 9989817

gantt
    title Throughput Linux arm64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5982) (9.646M)   : 0, 9646079
    master (9.746M)   : 0, 9746139
    benchmarks/2.9.0 (9.798M)   : 0, 9798067

    section Automatic
    This PR (5982) (6.469M)   : 0, 6468793
    master (6.518M)   : 0, 6518443

    section Trace stats
    master (6.791M)   : 0, 6791013

    section Manual
    master (9.554M)   : 0, 9554347

    section Manual + Automatic
    This PR (5982) (6.171M)   : 0, 6170797
    master (6.054M)   : 0, 6053863

    section DD_TRACE_ENABLED=0
    master (8.868M)   : 0, 8868379

gantt
    title Throughput Windows x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (5982) (10.175M)   : 0, 10175228
    master (10.125M)   : 0, 10125159
    benchmarks/2.9.0 (10.067M)   : 0, 10067315

    section Automatic
    This PR (5982) (6.753M)   : 0, 6752766
    master (6.789M)   : 0, 6788744
    benchmarks/2.9.0 (7.552M)   : 0, 7552193

    section Trace stats
    master (7.427M)   : 0, 7426998

    section Manual
    master (10.349M)   : 0, 10348694

    section Manual + Automatic
    This PR (5982) (6.128M)   : 0, 6127914
    master (6.321M)   : 0, 6321226

    section DD_TRACE_ENABLED=0
    master (9.558M)   : 0, 9557791


Member

@andrewlock andrewlock left a comment

Didn't do much of a review of the actual fingerprinting side; will leave someone from ASM to check that 😄 Fine from the tracing side obviously!

else
{
// This should not happen
Log.Warning("Fingerprint derivative {DerivativeKey} has no value", derivative.Key);
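Review bot: The `// This should not happen` comment in the `else` branch does not say which invariant is assumed. Spell it out (per the message, the branch is reached when a fingerprint derivative arrives without a value) so that whoever sees this warning in production knows what was violated and where to look.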
Member

Is there any concern that if we do hit this for some weird reason, then we could end up writing a lot of logs? If we have any concerns about it, we could either

  1. convert this to debug
  2. Add a flag to make sure we only write this once?

Contributor Author

I think that the second option is better. If it happens, we should know but we don't want to flood the log. Thanks!

@@ -17,8 +17,12 @@ internal static class RCMCapabilitiesHelper
{
private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(typeof(RCMCapabilitiesHelper));

private static readonly Dictionary<BigInteger, Version> _CapabilitiesVersion = new Dictionary<BigInteger, Version>()
private static readonly Dictionary<BigInteger, Version> _CapabilitiesByWafVersion = new Dictionary<BigInteger, Version>()
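Review bot: The new name `_CapabilitiesByWafVersion` reads as a map keyed by WAF version, but the declared type is `Dictionary<BigInteger, Version>`, so the key is the `BigInteger` and the value is the `Version`. If the keys are capabilities, a name in value-by-key form, such as `_wafVersionByCapability`, would match the type.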
Member

nit: standard naming would make this _capabilitiesByWafVersion

Contributor Author

Thanks! Fixed!

@@ -108,6 +106,12 @@ public async Task TryStartApp()
[Trait("RunOnWindows", "True")]
public async Task TestRaspRequest(string url, string exploit)
{
AddHeaders(new()
{
{ "Accept-Language", "en_UK" },
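Review bot: In `TestRaspRequest`, the added `AddHeaders` call sets a fixed `Accept-Language` value with no comment explaining why the test now needs it. Say at the call site what depends on this header, and if other test methods in the class send the same value, set it once in shared setup instead of repeating the block.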
Member

I think this isn't actually a "normal" value, usually it has a format like this: en-GB. Does that matter?

Contributor Author

Not really. I copied that from a WAF test to compare. It would only affect the hash result.

Contributor Author

Thank you for the reviews!

@NachoEchevarria NachoEchevarria merged commit 3847923 into master Sep 17, 2024
74 checks passed
@NachoEchevarria NachoEchevarria deleted the nacho/AttackerFingerprint branch September 17, 2024 13:00
@github-actions github-actions bot added this to the vNext-v3 milestone Sep 17, 2024
3 participants