Fix IAST gRPC handler with null superclass #8984

Open. 2 commits to merge into base: master.


smola (Member) commented Jun 13, 2025

Summary

  • avoid NPE when class has no superclass in gRPC handler
  • test handling of classes without superclass

Testing

  • ./gradlew :dd-java-agent:agent-iast:test

This was an OpenAI Codex trial run, with prompt:

Find a critical bug in some important part of the dd-java-agent/agent-iast module, fix it, and include a test for the fix.

https://chatgpt.com/codex/tasks/task_b_684c29513b90832ea66f4215df35a943

smola requested a review from a team as a code owner June 13, 2025 15:56
smola added the codex label Jun 13, 2025, with ChatGPT Connector
Contributor

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

smola added the labels type: bug and comp: asm iast (Application Security Management (IAST)) Jun 13, 2025
smola changed the title from "Fix gRPC handler null superclass" to "Fix IAST gRPC handler with null superclass" Jun 13, 2025
pr-commenter bot commented Jun 13, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast |
| git_commit_date | 1750059786 | 1750064238 |
| git_commit_sha | 88aa5b2 | 8739467 |
| release_version | 1.50.0-SNAPSHOT~88aa5b2174 | 1.50.0-SNAPSHOT~873946741e |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1750066463 | 1750066463 |
| ci_job_id | 982954226 | 982954226 |
| ci_pipeline_id | 67814734 | 67814734 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-63wmvl1-project-304-concurrent-3-e4mj020u 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-63wmvl1-project-304-concurrent-3-e4mj020u 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 11 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.027 s | - |
| Agent | iast | 1.153 s | 126.709 ms (12.3%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.154 s | 127.607 ms (12.4%) |
| Agent | iast_TELEMETRY_OFF | 1.146 s | 119.553 ms (11.6%) |
| Total | tracing | 8.551 s | - |
| Total | iast | 9.21 s | 659.501 ms (7.7%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.178 s | 627.314 ms (7.3%) |
| Total | iast_TELEMETRY_OFF | 9.207 s | 656.236 ms (7.7%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.024 s | - |
| Agent | iast | 1.169 s | 144.683 ms (14.1%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.164 s | 139.647 ms (13.6%) |
| Agent | iast_TELEMETRY_OFF | 1.15 s | 126.16 ms (12.3%) |
| Total | tracing | 8.522 s | - |
| Total | iast | 9.242 s | 720.139 ms (8.5%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.212 s | 689.807 ms (8.1%) |
| Total | iast_TELEMETRY_OFF | 9.194 s | 671.701 ms (7.9%) |

gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.196 ms) : 0, 683196
BytebuddyAgent [candidate] (681.713 ms) : 0, 681713
GlobalTracer [baseline] (240.256 ms) : 0, 240256
GlobalTracer [candidate] (239.914 ms) : 0, 239914
AppSec [baseline] (58.072 ms) : 0, 58072
AppSec [candidate] (58.253 ms) : 0, 58253
Debugger [baseline] (6.24 ms) : 0, 6240
Debugger [candidate] (6.163 ms) : 0, 6163
Remote Config [baseline] (776.712 µs) : 0, 777
Remote Config [candidate] (741.869 µs) : 0, 742
Telemetry [baseline] (14.603 ms) : 0, 14603
Telemetry [candidate] (13.7 ms) : 0, 13700
section iast
BytebuddyAgent [baseline] (802.299 ms) : 0, 802299
BytebuddyAgent [candidate] (814.431 ms) : 0, 814431
GlobalTracer [baseline] (230.456 ms) : 0, 230456
GlobalTracer [candidate] (233.476 ms) : 0, 233476
IAST [baseline] (26.8 ms) : 0, 26800
IAST [candidate] (29.054 ms) : 0, 29054
AppSec [baseline] (55.772 ms) : 0, 55772
AppSec [candidate] (53.562 ms) : 0, 53562
Debugger [baseline] (5.99 ms) : 0, 5990
Debugger [candidate] (6.004 ms) : 0, 6004
Remote Config [baseline] (607.537 µs) : 0, 608
Remote Config [candidate] (587.481 µs) : 0, 587
Telemetry [baseline] (7.894 ms) : 0, 7894
Telemetry [candidate] (7.903 ms) : 0, 7903
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (803.15 ms) : 0, 803150
BytebuddyAgent [candidate] (809.935 ms) : 0, 809935
GlobalTracer [baseline] (230.9 ms) : 0, 230900
GlobalTracer [candidate] (232.444 ms) : 0, 232444
IAST [baseline] (27.61 ms) : 0, 27610
IAST [candidate] (28.788 ms) : 0, 28788
AppSec [baseline] (54.608 ms) : 0, 54608
AppSec [candidate] (54.22 ms) : 0, 54220
Debugger [baseline] (6.009 ms) : 0, 6009
Debugger [candidate] (6.024 ms) : 0, 6024
Remote Config [baseline] (601.077 µs) : 0, 601
Remote Config [candidate] (608.03 µs) : 0, 608
Telemetry [baseline] (7.921 ms) : 0, 7921
Telemetry [candidate] (8.056 ms) : 0, 8056
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (796.305 ms) : 0, 796305
BytebuddyAgent [candidate] (799.287 ms) : 0, 799287
GlobalTracer [baseline] (230.3 ms) : 0, 230300
GlobalTracer [candidate] (231.084 ms) : 0, 231084
IAST [baseline] (26.334 ms) : 0, 26334
IAST [candidate] (29.874 ms) : 0, 29874
AppSec [baseline] (54.725 ms) : 0, 54725
AppSec [candidate] (51.954 ms) : 0, 51954
Debugger [baseline] (5.993 ms) : 0, 5993
Debugger [candidate] (5.968 ms) : 0, 5968
Remote Config [baseline] (609.705 µs) : 0, 610
Remote Config [candidate] (592.867 µs) : 0, 593
Telemetry [baseline] (7.873 ms) : 0, 7873
Telemetry [candidate] (7.856 ms) : 0, 7856
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174; sections: tracing, appsec, iast, profiling]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.03 s | - |
| Agent | appsec | 1.177 s | 147.301 ms (14.3%) |
| Agent | iast | 1.153 s | 123.272 ms (12.0%) |
| Agent | profiling | 1.274 s | 243.467 ms (23.6%) |
| Total | tracing | 10.545 s | - |
| Total | appsec | 10.674 s | 129.143 ms (1.2%) |
| Total | iast | 10.822 s | 277.801 ms (2.6%) |
| Total | profiling | 10.92 s | 374.982 ms (3.6%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.029 s | - |
| Agent | appsec | 1.184 s | 154.913 ms (15.1%) |
| Agent | iast | 1.164 s | 134.864 ms (13.1%) |
| Agent | profiling | 1.278 s | 248.751 ms (24.2%) |
| Total | tracing | 10.541 s | - |
| Total | appsec | 10.674 s | 132.642 ms (1.3%) |
| Total | iast | 10.939 s | 398.085 ms (3.8%) |
| Total | profiling | 10.879 s | 337.559 ms (3.2%) |

gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (684.882 ms) : 0, 684882
BytebuddyAgent [candidate] (683.624 ms) : 0, 683624
GlobalTracer [baseline] (241.011 ms) : 0, 241011
GlobalTracer [candidate] (240.777 ms) : 0, 240777
AppSec [baseline] (60.584 ms) : 0, 60584
AppSec [candidate] (57.963 ms) : 0, 57963
Debugger [baseline] (6.219 ms) : 0, 6219
Debugger [candidate] (6.248 ms) : 0, 6248
Remote Config [baseline] (753.671 µs) : 0, 754
Remote Config [candidate] (773.936 µs) : 0, 774
Telemetry [baseline] (12.967 ms) : 0, 12967
Telemetry [candidate] (15.996 ms) : 0, 15996
section appsec
BytebuddyAgent [baseline] (705.142 ms) : 0, 705142
BytebuddyAgent [candidate] (709.201 ms) : 0, 709201
GlobalTracer [baseline] (234.03 ms) : 0, 234030
GlobalTracer [candidate] (235.899 ms) : 0, 235899
AppSec [baseline] (179.066 ms) : 0, 179066
AppSec [candidate] (179.212 ms) : 0, 179212
Debugger [baseline] (5.896 ms) : 0, 5896
Debugger [candidate] (5.861 ms) : 0, 5861
Remote Config [baseline] (615.571 µs) : 0, 616
Remote Config [candidate] (624.807 µs) : 0, 625
Telemetry [baseline] (7.315 ms) : 0, 7315
Telemetry [candidate] (7.323 ms) : 0, 7323
IAST [baseline] (21.842 ms) : 0, 21842
IAST [candidate] (22.022 ms) : 0, 22022
section iast
BytebuddyAgent [baseline] (802.232 ms) : 0, 802232
BytebuddyAgent [candidate] (809.146 ms) : 0, 809146
GlobalTracer [baseline] (230.749 ms) : 0, 230749
GlobalTracer [candidate] (233.069 ms) : 0, 233069
AppSec [baseline] (56.109 ms) : 0, 56109
AppSec [candidate] (57.737 ms) : 0, 57737
Debugger [baseline] (6.025 ms) : 0, 6025
Debugger [candidate] (6.018 ms) : 0, 6018
Remote Config [baseline] (589.186 µs) : 0, 589
Remote Config [candidate] (596.564 µs) : 0, 597
Telemetry [baseline] (7.884 ms) : 0, 7884
Telemetry [candidate] (8.014 ms) : 0, 8014
IAST [baseline] (26.273 ms) : 0, 26273
IAST [candidate] (25.519 ms) : 0, 25519
section profiling
ProfilingAgent [baseline] (106.7 ms) : 0, 106700
ProfilingAgent [candidate] (108.009 ms) : 0, 108009
BytebuddyAgent [baseline] (676.185 ms) : 0, 676185
BytebuddyAgent [candidate] (677.102 ms) : 0, 677102
GlobalTracer [baseline] (360.847 ms) : 0, 360847
GlobalTracer [candidate] (362.093 ms) : 0, 362093
AppSec [baseline] (64.003 ms) : 0, 64003
AppSec [candidate] (64.513 ms) : 0, 64513
Debugger [baseline] (6.166 ms) : 0, 6166
Debugger [candidate] (6.177 ms) : 0, 6177
Remote Config [baseline] (676.047 µs) : 0, 676
Remote Config [candidate] (659.535 µs) : 0, 660
Telemetry [baseline] (8.167 ms) : 0, 8167
Telemetry [candidate] (8.233 ms) : 0, 8233
Profiling [baseline] (106.726 ms) : 0, 106726
Profiling [candidate] (108.034 ms) : 0, 108034

Load

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast |
| git_commit_date | 1750059786 | 1750064238 |
| git_commit_sha | 88aa5b2 | 8739467 |
| release_version | 1.50.0-SNAPSHOT~88aa5b2174 | 1.50.0-SNAPSHOT~873946741e |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1750066180 | 1750066180 |
| ci_job_id | 982954228 | 982954228 |
| ci_pipeline_id | 67814734 | 67814734 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-63wmvl1-project-304-concurrent-5-p6vcnpy1 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-63wmvl1-project-304-concurrent-5-p6vcnpy1 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.656 s [15.656 s, 15.656 s] | - |
| appsec | 15.045 s [15.045 s, 15.045 s] | -611.0 ms (-3.9%) |
| iast | 18.753 s [18.753 s, 18.753 s] | 3.097 s (19.8%) |
| iast_GLOBAL | 18.292 s [18.292 s, 18.292 s] | 2.636 s (16.8%) |
| profiling | 15.211 s [15.211 s, 15.211 s] | -445.0 ms (-2.8%) |
| tracing | 14.91 s [14.91 s, 14.91 s] | -746.0 ms (-4.8%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.004 s [15.004 s, 15.004 s] | - |
| appsec | 14.872 s [14.872 s, 14.872 s] | -132.0 ms (-0.9%) |
| iast | 18.666 s [18.666 s, 18.666 s] | 3.662 s (24.4%) |
| iast_GLOBAL | 17.969 s [17.969 s, 17.969 s] | 2.965 s (19.8%) |
| profiling | 15.227 s [15.227 s, 15.227 s] | 223.0 ms (1.5%) |
| tracing | 14.97 s [14.97 s, 14.97 s] | -34.0 ms (-0.2%) |

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~873946741e, baseline=1.50.0-SNAPSHOT~88aa5b2174; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.482 ms [1.47 ms, 1.493 ms] | - |
| appsec | 2.424 ms [2.374 ms, 2.474 ms] | 942.029 µs (63.6%) |
| iast | 2.202 ms [2.14 ms, 2.264 ms] | 719.839 µs (48.6%) |
| iast_GLOBAL | 2.243 ms [2.18 ms, 2.306 ms] | 761.211 µs (51.4%) |
| profiling | 2.502 ms [2.323 ms, 2.68 ms] | 1.02 ms (68.8%) |
| tracing | 2.013 ms [1.965 ms, 2.062 ms] | 531.614 µs (35.9%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.476 ms [1.465 ms, 1.488 ms] | - |
| appsec | 2.413 ms [2.364 ms, 2.463 ms] | 936.84 µs (63.5%) |
| iast | 2.201 ms [2.138 ms, 2.263 ms] | 724.152 µs (49.0%) |
| iast_GLOBAL | 2.236 ms [2.174 ms, 2.298 ms] | 759.847 µs (51.5%) |
| profiling | 2.045 ms [1.994 ms, 2.096 ms] | 568.694 µs (38.5%) |
| tracing | 2.03 ms [1.982 ms, 2.079 ms] | 553.837 µs (37.5%) |

PerfectSlayer added the tag: ai generated (Based on context generated by AI) label and removed the codex label Jun 13, 2025
Labels: comp: asm iast (Application Security Management (IAST)), tag: ai generated (Based on context generated by AI), type: bug