Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update user lifecycle tracking to V3 #8108

Merged
merged 6 commits into from
Jan 2, 2025
Merged

Update user lifecycle tracking to V3 #8108

merged 6 commits into from
Jan 2, 2025

Conversation

manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Dec 18, 2024
edited
Loading

What Does This Do

This pull request updates the user lifecycle tracking logic to align with the latest specifications. The key changes include:

  1. Refactored Business Logic: Consolidated all handling of trace tags and WAF (Web Application Firewall) interactions within the com.datadog.appsec.gateway.GatewayBridge. This centralization enhances maintainability and clarity.

  2. New Address for User Login Property: Introduced a new address dedicated to the usr.login property.

  3. Renamed Telemetry Metric: The metric previously named instrum.user_auth.missing_user_id has been renamed to instrum.user_auth.missing_user_login. Additionally, two new tags have been integrated: one for the framework and another for the event type, providing more granular telemetry data.

Motivation

This pull request is driven by the need to implement changes based on a newly issued RFC that consolidates all previous specifications. The RFC introduces several minor modifications, including a crucial distinction between user IDs and user logins. By adhering to this updated specification, we aim to enhance our system's accuracy and consistency in tracking user lifecycle events.

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-55579
RFC: Automated user lifecycle tracking

@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm waf Application Security Management (WAF) label Dec 18, 2024
@pr-commenter
Copy link

pr-commenter bot commented Dec 18, 2024
edited
Loading

Benchmarks

Startup

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-01-02T11:16:48 2025-01-02T11:23:46
git_branch master malvarez/waf-ato-v3
git_commit_date 1735815904 1735815934
git_commit_sha c24db36 6cd2d89
release_version 1.45.0-SNAPSHOT~c24db361be 1.45.0-SNAPSHOT~6cd2d892eb
start_time 2025-01-02T11:16:35 2025-01-02T11:23:33
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1735817378 1735817378
ci_job_id 752279442 752279442
ci_pipeline_id 51993198 51993198
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.45.0-SNAPSHOT~6cd2d892eb, baseline=1.45.0-SNAPSHOT~c24db361be
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.356 ms) : 1335, 1376
.   : milestone, 1356,
appsec (1.761 ms) : 1738, 1784
.   : milestone, 1761,
appsec_no_iast (1.761 ms) : 1735, 1786
.   : milestone, 1761,
iast (1.501 ms) : 1478, 1524
.   : milestone, 1501,
profiling (1.522 ms) : 1499, 1546
.   : milestone, 1522,
tracing (1.483 ms) : 1457, 1508
.   : milestone, 1483,
section candidate
no_agent (1.343 ms) : 1324, 1362
.   : milestone, 1343,
appsec (1.765 ms) : 1741, 1788
.   : milestone, 1765,
appsec_no_iast (1.756 ms) : 1732, 1780
.   : milestone, 1756,
iast (1.491 ms) : 1469, 1514
.   : milestone, 1491,
profiling (1.487 ms) : 1464, 1510
.   : milestone, 1487,
tracing (1.486 ms) : 1462, 1510
.   : milestone, 1486,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.356 ms [1.335 ms, 1.376 ms] -
appsec 1.761 ms [1.738 ms, 1.784 ms] 405.108 µs (29.9%)
appsec_no_iast 1.761 ms [1.735 ms, 1.786 ms] 404.808 µs (29.9%)
iast 1.501 ms [1.478 ms, 1.524 ms] 145.119 µs (10.7%)
profiling 1.522 ms [1.499 ms, 1.546 ms] 166.59 µs (12.3%)
tracing 1.483 ms [1.457 ms, 1.508 ms] 126.853 µs (9.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.343 ms [1.324 ms, 1.362 ms] -
appsec 1.765 ms [1.741 ms, 1.788 ms] 422.081 µs (31.4%)
appsec_no_iast 1.756 ms [1.732 ms, 1.78 ms] 412.952 µs (30.8%)
iast 1.491 ms [1.469 ms, 1.514 ms] 148.756 µs (11.1%)
profiling 1.487 ms [1.464 ms, 1.51 ms] 144.055 µs (10.7%)
tracing 1.486 ms [1.462 ms, 1.51 ms] 143.361 µs (10.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.45.0-SNAPSHOT~6cd2d892eb, baseline=1.45.0-SNAPSHOT~c24db361be
    dateFormat X
    axisFormat %s
section baseline
no_agent (384.206 µs) : 364, 404
.   : milestone, 384,
iast (495.251 µs) : 474, 517
.   : milestone, 495,
iast_FULL (661.994 µs) : 640, 684
.   : milestone, 662,
iast_GLOBAL (529.49 µs) : 507, 552
.   : milestone, 529,
iast_HARDCODED_SECRET_DISABLED (492.654 µs) : 471, 514
.   : milestone, 493,
iast_INACTIVE (462.133 µs) : 440, 484
.   : milestone, 462,
iast_TELEMETRY_OFF (483.389 µs) : 462, 505
.   : milestone, 483,
tracing (452.947 µs) : 432, 474
.   : milestone, 453,
section candidate
no_agent (368.025 µs) : 348, 388
.   : milestone, 368,
iast (488.371 µs) : 467, 510
.   : milestone, 488,
iast_FULL (654.308 µs) : 633, 676
.   : milestone, 654,
iast_GLOBAL (520.701 µs) : 498, 543
.   : milestone, 521,
iast_HARDCODED_SECRET_DISABLED (489.235 µs) : 468, 511
.   : milestone, 489,
iast_INACTIVE (452.514 µs) : 431, 474
.   : milestone, 453,
iast_TELEMETRY_OFF (485.772 µs) : 464, 507
.   : milestone, 486,
tracing (442.733 µs) : 423, 463
.   : milestone, 443,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 384.206 µs [364.131 µs, 404.281 µs] -
iast 495.251 µs [473.796 µs, 516.707 µs] 111.045 µs (28.9%)
iast_FULL 661.994 µs [640.385 µs, 683.604 µs] 277.788 µs (72.3%)
iast_GLOBAL 529.49 µs [506.764 µs, 552.216 µs] 145.284 µs (37.8%)
iast_HARDCODED_SECRET_DISABLED 492.654 µs [471.196 µs, 514.112 µs] 108.448 µs (28.2%)
iast_INACTIVE 462.133 µs [439.965 µs, 484.302 µs] 77.927 µs (20.3%)
iast_TELEMETRY_OFF 483.389 µs [462.046 µs, 504.731 µs] 99.183 µs (25.8%)
tracing 452.947 µs [432.203 µs, 473.691 µs] 68.741 µs (17.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 368.025 µs [348.126 µs, 387.923 µs] -
iast 488.371 µs [466.778 µs, 509.964 µs] 120.346 µs (32.7%)
iast_FULL 654.308 µs [632.619 µs, 675.997 µs] 286.283 µs (77.8%)
iast_GLOBAL 520.701 µs [498.441 µs, 542.961 µs] 152.676 µs (41.5%)
iast_HARDCODED_SECRET_DISABLED 489.235 µs [467.832 µs, 510.638 µs] 121.21 µs (32.9%)
iast_INACTIVE 452.514 µs [431.239 µs, 473.788 µs] 84.489 µs (23.0%)
iast_TELEMETRY_OFF 485.772 µs [464.242 µs, 507.302 µs] 117.747 µs (32.0%)
tracing 442.733 µs [422.567 µs, 462.899 µs] 74.708 µs (20.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-ato-v3
git_commit_date 1735815904 1735815934
git_commit_sha c24db36 6cd2d89
release_version 1.45.0-SNAPSHOT~c24db361be 1.45.0-SNAPSHOT~6cd2d892eb
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1735817926 1735817926
ci_job_id 752279443 752279443
ci_pipeline_id 51993198 51993198
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.45.0-SNAPSHOT~6cd2d892eb, baseline=1.45.0-SNAPSHOT~c24db361be
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.468 ms) : 1457, 1479
.   : milestone, 1468,
appsec (2.355 ms) : 2314, 2397
.   : milestone, 2355,
iast (2.09 ms) : 2037, 2143
.   : milestone, 2090,
iast_GLOBAL (2.127 ms) : 2074, 2180
.   : milestone, 2127,
profiling (1.946 ms) : 1904, 1988
.   : milestone, 1946,
tracing (1.93 ms) : 1889, 1970
.   : milestone, 1930,
section candidate
no_agent (1.468 ms) : 1456, 1479
.   : milestone, 1468,
appsec (2.337 ms) : 2295, 2379
.   : milestone, 2337,
iast (2.091 ms) : 2038, 2144
.   : milestone, 2091,
iast_GLOBAL (2.134 ms) : 2081, 2187
.   : milestone, 2134,
profiling (1.95 ms) : 1908, 1992
.   : milestone, 1950,
tracing (1.937 ms) : 1896, 1977
.   : milestone, 1937,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.468 ms [1.457 ms, 1.479 ms] -
appsec 2.355 ms [2.314 ms, 2.397 ms] 887.288 µs (60.4%)
iast 2.09 ms [2.037 ms, 2.143 ms] 622.299 µs (42.4%)
iast_GLOBAL 2.127 ms [2.074 ms, 2.18 ms] 659.419 µs (44.9%)
profiling 1.946 ms [1.904 ms, 1.988 ms] 478.105 µs (32.6%)
tracing 1.93 ms [1.889 ms, 1.97 ms] 461.779 µs (31.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.468 ms [1.456 ms, 1.479 ms] -
appsec 2.337 ms [2.295 ms, 2.379 ms] 869.445 µs (59.2%)
iast 2.091 ms [2.038 ms, 2.144 ms] 623.603 µs (42.5%)
iast_GLOBAL 2.134 ms [2.081 ms, 2.187 ms] 666.376 µs (45.4%)
profiling 1.95 ms [1.908 ms, 1.992 ms] 482.48 µs (32.9%)
tracing 1.937 ms [1.896 ms, 1.977 ms] 468.846 µs (31.9%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.45.0-SNAPSHOT~6cd2d892eb, baseline=1.45.0-SNAPSHOT~c24db361be
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.962 s) : 14962000, 14962000
.   : milestone, 14962000,
appsec (15.011 s) : 15011000, 15011000
.   : milestone, 15011000,
iast (18.799 s) : 18799000, 18799000
.   : milestone, 18799000,
iast_GLOBAL (18.238 s) : 18238000, 18238000
.   : milestone, 18238000,
profiling (14.905 s) : 14905000, 14905000
.   : milestone, 14905000,
tracing (15.219 s) : 15219000, 15219000
.   : milestone, 15219000,
section candidate
no_agent (14.923 s) : 14923000, 14923000
.   : milestone, 14923000,
appsec (15.061 s) : 15061000, 15061000
.   : milestone, 15061000,
iast (18.796 s) : 18796000, 18796000
.   : milestone, 18796000,
iast_GLOBAL (17.82 s) : 17820000, 17820000
.   : milestone, 17820000,
profiling (15.088 s) : 15088000, 15088000
.   : milestone, 15088000,
tracing (14.909 s) : 14909000, 14909000
.   : milestone, 14909000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.962 s [14.962 s, 14.962 s] -
appsec 15.011 s [15.011 s, 15.011 s] 49.0 ms (0.3%)
iast 18.799 s [18.799 s, 18.799 s] 3.837 s (25.6%)
iast_GLOBAL 18.238 s [18.238 s, 18.238 s] 3.276 s (21.9%)
profiling 14.905 s [14.905 s, 14.905 s] -57.0 ms (-0.4%)
tracing 15.219 s [15.219 s, 15.219 s] 257.0 ms (1.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.923 s [14.923 s, 14.923 s] -
appsec 15.061 s [15.061 s, 15.061 s] 138.0 ms (0.9%)
iast 18.796 s [18.796 s, 18.796 s] 3.873 s (26.0%)
iast_GLOBAL 17.82 s [17.82 s, 17.82 s] 2.897 s (19.4%)
profiling 15.088 s [15.088 s, 15.088 s] 165.0 ms (1.1%)
tracing 14.909 s [14.909 s, 14.909 s] -14.0 ms (-0.1%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review December 18, 2024 14:06
@github-actions GitHub Actions
Copy link
Contributor

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-ato-v3 branch 3 times, most recently from 25c9ab7 to 1464796 Compare December 19, 2024 22:28
@manuel-alvarez-alvarez manuel-alvarez-alvarez mentioned this pull request Dec 20, 2024
Merged
7 tasks
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-ato-v3 branch 2 times, most recently from 222ceb5 to 798c61d Compare January 2, 2025 08:52
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit a9dc3be into master Jan 2, 2025
149 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/waf-ato-v3 branch January 2, 2025 13:31
@github-actions github-actions bot added this to the 1.45.0 milestone Jan 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jandro996 jandro996 jandro996 approved these changes

@smola smola smola approved these changes

@ValentinZakharov ValentinZakharov Awaiting requested review from ValentinZakharov ValentinZakharov is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF) type: enhancement
Projects
None yet
Milestone
1.45.0
Development

Successfully merging this pull request may close these issues.
3 participants
@manuel-alvarez-alvarez @smola @jandro996