Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to libddwaf 1.16.0 (libsqreen 9.0.1) #6658

Merged
merged 1 commit into from
Feb 12, 2024
Merged

Upgrade to libddwaf 1.16.0 (libsqreen 9.0.1) #6658

merged 1 commit into from
Feb 12, 2024

Conversation

ValentinZakharov
Copy link
Contributor

@ValentinZakharov ValentinZakharov commented Feb 9, 2024
edited by smola
Loading

What Does This Do

Upgraded libddwaf to the latest version, see:

Motivation

To proceed #6375 we need critical updates from latest version of libddwaf.

Additional Notes

Jira ticket: APPSEC-51687

@pr-commenter
Copy link

pr-commenter bot commented Feb 9, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master vzakharov/update-libddwaf-1.16.0
git_commit_date 1707488197 1707506755
git_commit_sha a3eb733 9c101fd
release_version 1.31.0-SNAPSHOT~a3eb7336df 1.31.0-SNAPSHOT~9c101fd5b5
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1707509809 1707509809
ci_job_id 430859416 430859416
ci_pipeline_id 28065659 28065659
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 41 metrics, 13 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.31.0-SNAPSHOT~9c101fd5b5, baseline=1.31.0-SNAPSHOT~a3eb7336df

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.061 s) : 0, 1060616
Total [baseline] (9.316 s) : 0, 9316486
Agent [candidate] (1.069 s) : 0, 1069056
Total [candidate] (9.374 s) : 0, 9374368
section appsec
Agent [baseline] (1.173 s) : 0, 1173263
Total [baseline] (9.506 s) : 0, 9506383
Agent [candidate] (1.16 s) : 0, 1159987
Total [candidate] (9.456 s) : 0, 9455693
section iast
Agent [baseline] (1.182 s) : 0, 1182232
Total [baseline] (9.728 s) : 0, 9728175
Agent [candidate] (1.196 s) : 0, 1195580
Total [candidate] (9.681 s) : 0, 9681202
section profiling
Agent [baseline] (1.275 s) : 0, 1274891
Total [baseline] (9.599 s) : 0, 9598904
Agent [candidate] (1.277 s) : 0, 1277024
Total [candidate] (9.591 s) : 0, 9591126
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.061 s -
Agent appsec 1.173 s 112.647 ms (10.6%)
Agent iast 1.182 s 121.616 ms (11.5%)
Agent profiling 1.275 s 214.275 ms (20.2%)
Total tracing 9.316 s -
Total appsec 9.506 s 189.897 ms (2.0%)
Total iast 9.728 s 411.69 ms (4.4%)
Total profiling 9.599 s 282.419 ms (3.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.069 s -
Agent appsec 1.16 s 90.931 ms (8.5%)
Agent iast 1.196 s 126.524 ms (11.8%)
Agent profiling 1.277 s 207.968 ms (19.5%)
Total tracing 9.374 s -
Total appsec 9.456 s 81.325 ms (0.9%)
Total iast 9.681 s 306.833 ms (3.3%)
Total profiling 9.591 s 216.758 ms (2.3%) 
gantt
    title petclinic - break down per module: candidate=1.31.0-SNAPSHOT~9c101fd5b5, baseline=1.31.0-SNAPSHOT~a3eb7336df

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (667.797 ms) : 0, 667797
BytebuddyAgent [candidate] (673.387 ms) : 0, 673387
GlobalTracer [baseline] (298.506 ms) : 0, 298506
GlobalTracer [candidate] (300.568 ms) : 0, 300568
AppSec [baseline] (51.527 ms) : 0, 51527
AppSec [candidate] (52.126 ms) : 0, 52126
Remote Config [baseline] (693.14 µs) : 0, 693
Remote Config [candidate] (690.137 µs) : 0, 690
Telemetry [baseline] (7.598 ms) : 0, 7598
Telemetry [candidate] (7.695 ms) : 0, 7695
section appsec
BytebuddyAgent [baseline] (677.621 ms) : 0, 677621
BytebuddyAgent [candidate] (668.378 ms) : 0, 668378
GlobalTracer [baseline] (301.626 ms) : 0, 301626
GlobalTracer [candidate] (298.343 ms) : 0, 298343
AppSec [baseline] (151.561 ms) : 0, 151561
AppSec [candidate] (151.406 ms) : 0, 151406
Remote Config [baseline] (667.984 µs) : 0, 668
Remote Config [candidate] (651.78 µs) : 0, 652
Telemetry [baseline] (6.948 ms) : 0, 6948
Telemetry [candidate] (6.789 ms) : 0, 6789
section iast
BytebuddyAgent [baseline] (777.824 ms) : 0, 777824
BytebuddyAgent [candidate] (785.902 ms) : 0, 785902
GlobalTracer [baseline] (288.373 ms) : 0, 288373
GlobalTracer [candidate] (291.64 ms) : 0, 291640
AppSec [baseline] (52.229 ms) : 0, 52229
AppSec [candidate] (52.888 ms) : 0, 52888
Remote Config [baseline] (664.374 µs) : 0, 664
Remote Config [candidate] (624.87 µs) : 0, 625
Telemetry [baseline] (7.363 ms) : 0, 7363
Telemetry [candidate] (6.664 ms) : 0, 6664
IAST [baseline] (21.362 ms) : 0, 21362
IAST [candidate] (23.181 ms) : 0, 23181
section profiling
BytebuddyAgent [baseline] (664.241 ms) : 0, 664241
BytebuddyAgent [candidate] (665.873 ms) : 0, 665873
GlobalTracer [baseline] (381.088 ms) : 0, 381088
GlobalTracer [candidate] (381.688 ms) : 0, 381688
AppSec [baseline] (51.87 ms) : 0, 51870
AppSec [candidate] (52.005 ms) : 0, 52005
Remote Config [baseline] (664.145 µs) : 0, 664
Remote Config [candidate] (657.684 µs) : 0, 658
Telemetry [baseline] (9.547 ms) : 0, 9547
Telemetry [candidate] (10.111 ms) : 0, 10111
ProfilingAgent [baseline] (112.894 ms) : 0, 112894
ProfilingAgent [candidate] (112.017 ms) : 0, 112017
Profiling [baseline] (112.918 ms) : 0, 112918
Profiling [candidate] (112.042 ms) : 0, 112042
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-02-09T19:52:49 2024-02-09T20:11:46
git_branch master vzakharov/update-libddwaf-1.16.0
git_commit_date 1707488197 1707506755
git_commit_sha a3eb733 9c101fd
release_version 1.31.0-SNAPSHOT~a3eb7336df 1.31.0-SNAPSHOT~9c101fd5b5
start_time 2024-02-09T19:52:36 2024-02-09T20:11:33
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1707509809 1707509809
ci_job_id 430859416 430859416
ci_pipeline_id 28065659 28065659
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 16 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~9c101fd5b5, baseline=1.31.0-SNAPSHOT~a3eb7336df
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.356 ms) : 1338, 1375
.   : milestone, 1356,
appsec (1.77 ms) : 1745, 1795
.   : milestone, 1770,
iast (1.503 ms) : 1478, 1528
.   : milestone, 1503,
profiling (1.518 ms) : 1493, 1543
.   : milestone, 1518,
tracing (1.511 ms) : 1486, 1537
.   : milestone, 1511,
section candidate
no_agent (1.339 ms) : 1320, 1358
.   : milestone, 1339,
appsec (1.756 ms) : 1730, 1782
.   : milestone, 1756,
iast (1.534 ms) : 1509, 1558
.   : milestone, 1534,
profiling (1.504 ms) : 1477, 1530
.   : milestone, 1504,
tracing (1.495 ms) : 1470, 1520
.   : milestone, 1495,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.356 ms [1.338 ms, 1.375 ms] -
appsec 1.77 ms [1.745 ms, 1.795 ms] 413.636 µs (30.5%)
iast 1.503 ms [1.478 ms, 1.528 ms] 146.228 µs (10.8%)
profiling 1.518 ms [1.493 ms, 1.543 ms] 161.906 µs (11.9%)
tracing 1.511 ms [1.486 ms, 1.537 ms] 154.969 µs (11.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.339 ms [1.32 ms, 1.358 ms] -
appsec 1.756 ms [1.73 ms, 1.782 ms] 416.8 µs (31.1%)
iast 1.534 ms [1.509 ms, 1.558 ms] 194.44 µs (14.5%)
profiling 1.504 ms [1.477 ms, 1.53 ms] 164.494 µs (12.3%)
tracing 1.495 ms [1.47 ms, 1.52 ms] 156.22 µs (11.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~9c101fd5b5, baseline=1.31.0-SNAPSHOT~a3eb7336df
    dateFormat X
    axisFormat %s
section baseline
no_agent (360.073 µs) : 340, 380
.   : milestone, 360,
iast (474.265 µs) : 453, 496
.   : milestone, 474,
iast_FULL (535.635 µs) : 515, 556
.   : milestone, 536,
iast_GLOBAL (497.926 µs) : 477, 519
.   : milestone, 498,
iast_HARDCODED_SECRET_DISABLED (479.1 µs) : 457, 501
.   : milestone, 479,
iast_INACTIVE (443.088 µs) : 422, 464
.   : milestone, 443,
iast_TELEMETRY_OFF (478.548 µs) : 457, 500
.   : milestone, 479,
tracing (440.84 µs) : 420, 462
.   : milestone, 441,
section candidate
no_agent (366.857 µs) : 347, 387
.   : milestone, 367,
iast (465.409 µs) : 444, 487
.   : milestone, 465,
iast_FULL (539.032 µs) : 519, 560
.   : milestone, 539,
iast_GLOBAL (498.903 µs) : 478, 520
.   : milestone, 499,
iast_HARDCODED_SECRET_DISABLED (469.794 µs) : 449, 491
.   : milestone, 470,
iast_INACTIVE (445.473 µs) : 424, 467
.   : milestone, 445,
iast_TELEMETRY_OFF (464.165 µs) : 444, 485
.   : milestone, 464,
tracing (447.809 µs) : 427, 468
.   : milestone, 448,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 360.073 µs [340.168 µs, 379.978 µs] -
iast 474.265 µs [452.977 µs, 495.554 µs] 114.192 µs (31.7%)
iast_FULL 535.635 µs [514.958 µs, 556.311 µs] 175.562 µs (48.8%)
iast_GLOBAL 497.926 µs [476.725 µs, 519.126 µs] 137.853 µs (38.3%)
iast_HARDCODED_SECRET_DISABLED 479.1 µs [457.498 µs, 500.703 µs] 119.027 µs (33.1%)
iast_INACTIVE 443.088 µs [422.032 µs, 464.145 µs] 83.015 µs (23.1%)
iast_TELEMETRY_OFF 478.548 µs [457.287 µs, 499.809 µs] 118.475 µs (32.9%)
tracing 440.84 µs [419.739 µs, 461.94 µs] 80.767 µs (22.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 366.857 µs [346.853 µs, 386.861 µs] -
iast 465.409 µs [444.269 µs, 486.549 µs] 98.552 µs (26.9%)
iast_FULL 539.032 µs [518.535 µs, 559.528 µs] 172.175 µs (46.9%)
iast_GLOBAL 498.903 µs [478.258 µs, 519.547 µs] 132.045 µs (36.0%)
iast_HARDCODED_SECRET_DISABLED 469.794 µs [448.947 µs, 490.642 µs] 102.937 µs (28.1%)
iast_INACTIVE 445.473 µs [424.22 µs, 466.726 µs] 78.615 µs (21.4%)
iast_TELEMETRY_OFF 464.165 µs [443.545 µs, 484.784 µs] 97.307 µs (26.5%)
tracing 447.809 µs [427.429 µs, 468.189 µs] 80.952 µs (22.1%)

@ValentinZakharov ValentinZakharov marked this pull request as ready for review February 10, 2024 00:02
@ValentinZakharov ValentinZakharov requested a review from a team as a code owner February 10, 2024 00:02
@smola smola changed the title Upgrade to libddwaf 1.16.0/libsqreen 9.0.1 Upgrade to libddwaf 1.16.0 (libsqreen 9.0.1) Feb 12, 2024
@smola smola added the comp: asm waf Application Security Management (WAF) label Feb 12, 2024
@ValentinZakharov ValentinZakharov merged commit d2d8296 into master Feb 12, 2024
81 checks passed
@ValentinZakharov ValentinZakharov deleted the vzakharov/update-libddwaf-1.16.0 branch February 12, 2024 10:03
@github-actions github-actions bot added this to the 1.30.0 milestone Feb 12, 2024
@ValentinZakharov ValentinZakharov self-assigned this Feb 15, 2024
@ValentinZakharov ValentinZakharov mentioned this pull request Feb 15, 2024
Merged
jandro996 pushed a commit that referenced this pull request Feb 16, 2024
@ValentinZakharov @jandro996
Upgrade to libddwaf 1.16.0 (#6658)
953bc59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@jandro996 jandro996 Awaiting requested review from jandro996 jandro996 is a code owner automatically assigned from DataDog/asm-java

Assignees

@ValentinZakharov ValentinZakharov

Labels
comp: asm waf Application Security Management (WAF)
Projects
None yet
Milestone
1.30.0
Development

Successfully merging this pull request may close these issues.
2 participants
@ValentinZakharov @smola