Prevent before callsites targeting constructors in super calls #8549

Merged

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Mar 13, 2025

What Does This Do

Disallows the usage of before call sites in calls to super in constructors, which is not allowed by the JVM.

Motivation

We got a report from a customer with an issue blocking the startup of an app due to:

```
java.lang.VerifyError: Bad type on operand stack
Exception Details:
  Location:
    org/redisson/codec/CustomObjectInputStream.<init>(Ljava/lang/ClassLoader;Ljava/io/InputStream;Ljava/util/Set;)V @32: invokestatic
  Reason:
    Type uninitializedThis (current frame, stack[3]) is not assignable to 'java/io/InputStream'
  Current Frame:
    bci: @32
    flags: { flagThisUninit }
    locals: { uninitializedThis, 'java/lang/ClassLoader', 'java/io/InputStream', 'java/util/Set' }
    stack: { '[Ljava/lang/Object;', uninitializedThis, 'java/io/InputStream', uninitializedThis }
  Bytecode:
    0000000: 2a2c b200 8110 1e04 b800 8604 bd00 885a
    0000010: 5f10 005f 535a 5903 32c0 008a 5f57 1900
    0000020: b800 8fb7 0001 2a2b b500 072a 2db5 000d
    0000030: b1
```

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-56992

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug comp: asm iast Application Security Management (IAST) labels Mar 13, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 6923877 to e5bb8b6 Compare March 13, 2025 10:55
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review March 13, 2025 10:57
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested review from a team as code owners March 13, 2025 10:57
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from e5bb8b6 to ee718ed Compare March 13, 2025 10:57
pr-commenter bot commented Mar 13, 2025

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/iast-fix-before-ctor-callsites |
| git_commit_date | 1742206348 | 1742209689 |
| git_commit_sha | 0bc5b2f | 70c362c |
| release_version | 1.48.0-SNAPSHOT~0bc5b2f9a1 | 1.48.0-SNAPSHOT~70c362cff4 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1742212169 | 1742212169 |
| ci_job_id | 850376071 | 850376071 |
| ci_pipeline_id | 59010422 | 59010422 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-hvxyazeg-project-304-concurrent-0-s54tzwxu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-hvxyazeg-project-304-concurrent-0-s54tzwxu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 4 unstable metrics.

Startup time reports for petclinic
Chart: petclinic - global startup overhead: candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.04 s | - |
| Agent | appsec | 1.184 s | 144.228 ms (13.9%) |
| Agent | iast | 1.178 s | 137.765 ms (13.2%) |
| Agent | profiling | 1.258 s | 217.954 ms (21.0%) |
| Total | tracing | 10.413 s | - |
| Total | appsec | 10.764 s | 350.55 ms (3.4%) |
| Total | iast | 11.041 s | 627.485 ms (6.0%) |
| Total | profiling | 10.841 s | 427.661 ms (4.1%) |

Candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.056 s | - |
| Agent | appsec | 1.183 s | 126.665 ms (12.0%) |
| Agent | iast | 1.172 s | 116.165 ms (11.0%) |
| Agent | profiling | 1.264 s | 207.347 ms (19.6%) |
| Total | tracing | 10.481 s | - |
| Total | appsec | 10.744 s | 262.798 ms (2.5%) |
| Total | iast | 10.976 s | 494.566 ms (4.7%) |
| Total | profiling | 10.849 s | 368.027 ms (3.5%) |

Chart: petclinic - break down per module: candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 718.121 ms | 729.096 ms |
| tracing | GlobalTracer | 239.172 ms | 243.299 ms |
| tracing | AppSec | 54.484 ms | 55.51 ms |
| tracing | Remote Config | 690.232 µs | 704.063 µs |
| tracing | Telemetry | 12.342 ms | 12.296 ms |
| appsec | BytebuddyAgent | 736.352 ms | 735.28 ms |
| appsec | GlobalTracer | 236.539 ms | 236.207 ms |
| appsec | AppSec | 176.527 ms | 176.55 ms |
| appsec | Remote Config | 665.284 µs | 667.167 µs |
| appsec | Telemetry | 8.252 ms | 8.257 ms |
| appsec | IAST | 21.444 ms | 21.605 ms |
| iast | BytebuddyAgent | 842.145 ms | 838.67 ms |
| iast | GlobalTracer | 231.341 ms | 230.307 ms |
| iast | AppSec | 56.433 ms | 56.263 ms |
| iast | Remote Config | 619.09 µs | 606.552 µs |
| iast | Telemetry | 8.847 ms | 8.664 ms |
| iast | IAST | 23.164 ms | 22.69 ms |
| profiling | BytebuddyAgent | 708.791 ms | 711.217 ms |
| profiling | GlobalTracer | 348.674 ms | 351.495 ms |
| profiling | AppSec | 54.261 ms | 53.707 ms |
| profiling | Remote Config | 675.667 µs | 675.325 µs |
| profiling | Telemetry | 8.9 ms | 9.072 ms |
| profiling | ProfilingAgent | 96.019 ms | 96.625 ms |
| profiling | Profiling | 96.044 ms | 96.649 ms |

Startup time reports for insecure-bank
Chart: insecure-bank - global startup overhead: candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.04 s | - |
| Agent | iast | 1.172 s | 131.975 ms (12.7%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.171 s | 130.447 ms (12.5%) |
| Agent | iast_TELEMETRY_OFF | 1.165 s | 124.543 ms (12.0%) |
| Total | tracing | 8.662 s | - |
| Total | iast | 9.247 s | 585.34 ms (6.8%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.248 s | 585.872 ms (6.8%) |
| Total | iast_TELEMETRY_OFF | 9.243 s | 581.659 ms (6.7%) |

Candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.043 s | - |
| Agent | iast | 1.175 s | 132.332 ms (12.7%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.174 s | 130.784 ms (12.5%) |
| Agent | iast_TELEMETRY_OFF | 1.171 s | 128.16 ms (12.3%) |
| Total | tracing | 8.681 s | - |
| Total | iast | 9.246 s | 565.352 ms (6.5%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.211 s | 530.779 ms (6.1%) |
| Total | iast_TELEMETRY_OFF | 9.242 s | 561.767 ms (6.5%) |

Chart: insecure-bank - break down per module: candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 718.509 ms | 717.457 ms |
| tracing | GlobalTracer | 239.327 ms | 240.13 ms |
| tracing | AppSec | 54.265 ms | 54.809 ms |
| tracing | Remote Config | 685.297 µs | 683.784 µs |
| tracing | Telemetry | 12.147 ms | 14.42 ms |
| iast | BytebuddyAgent | 838.052 ms | 841.575 ms |
| iast | GlobalTracer | 230.456 ms | 230.029 ms |
| iast | IAST | 22.796 ms | 23.707 ms |
| iast | AppSec | 56.184 ms | 55.282 ms |
| iast | Remote Config | 605.562 µs | 624.784 µs |
| iast | Telemetry | 8.761 ms | 8.585 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 836.67 ms | 839.005 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 230.29 ms | 230.768 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 22.948 ms | 22.972 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 56.103 ms | 56.157 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 608.05 µs | 603.569 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 8.642 ms | 8.714 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 832.413 ms | 836.731 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 229.795 ms | 230.872 ms |
| iast_TELEMETRY_OFF | IAST | 22.128 ms | 22.546 ms |
| iast_TELEMETRY_OFF | AppSec | 56.07 ms | 56.302 ms |
| iast_TELEMETRY_OFF | Remote Config | 608.47 µs | 608.508 µs |
| iast_TELEMETRY_OFF | Telemetry | 8.487 ms | 8.577 ms |

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2025-03-17T11:19:44 | 2025-03-17T11:27:26 |
| git_branch | master | malvarez/iast-fix-before-ctor-callsites |
| git_commit_date | 1742206348 | 1742209689 |
| git_commit_sha | 0bc5b2f | 70c362c |
| release_version | 1.48.0-SNAPSHOT~0bc5b2f9a1 | 1.48.0-SNAPSHOT~70c362cff4 |
| start_time | 2025-03-17T11:19:31 | 2025-03-17T11:27:12 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1742211242 | 1742211242 |
| ci_job_id | 850376072 | 850376072 |
| ci_pipeline_id | 59010422 | 59010422 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-hvxyazeg-project-304-concurrent-1-xvrlk127 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-hvxyazeg-project-304-concurrent-1-xvrlk127 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for insecure-bank
Chart: insecure-bank - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 375.973 µs [356.332 µs, 395.615 µs] | - |
| iast | 506.209 µs [484.597 µs, 527.82 µs] | 130.235 µs (34.6%) |
| iast_FULL | 725.863 µs [704.027 µs, 747.7 µs] | 349.89 µs (93.1%) |
| iast_GLOBAL | 549.198 µs [527.538 µs, 570.857 µs] | 173.224 µs (46.1%) |
| iast_HARDCODED_SECRET_DISABLED | 505.3 µs [483.129 µs, 527.471 µs] | 129.327 µs (34.4%) |
| iast_INACTIVE | 457.977 µs [436.561 µs, 479.393 µs] | 82.003 µs (21.8%) |
| iast_TELEMETRY_OFF | 489.571 µs [467.28 µs, 511.862 µs] | 113.597 µs (30.2%) |
| tracing | 454.165 µs [433.159 µs, 475.171 µs] | 78.192 µs (20.8%) |

Candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 377.554 µs [357.945 µs, 397.163 µs] | - |
| iast | 514.8 µs [492.638 µs, 536.962 µs] | 137.246 µs (36.4%) |
| iast_FULL | 720.236 µs [698.16 µs, 742.312 µs] | 342.682 µs (90.8%) |
| iast_GLOBAL | 552.896 µs [531.304 µs, 574.488 µs] | 175.342 µs (46.4%) |
| iast_HARDCODED_SECRET_DISABLED | 507.609 µs [485.81 µs, 529.407 µs] | 130.055 µs (34.4%) |
| iast_INACTIVE | 459.036 µs [437.435 µs, 480.637 µs] | 81.482 µs (21.6%) |
| iast_TELEMETRY_OFF | 493.639 µs [471.686 µs, 515.592 µs] | 116.085 µs (30.7%) |
| tracing | 456.244 µs [434.206 µs, 478.282 µs] | 78.69 µs (20.8%) |

Request duration reports for petclinic
Chart: petclinic - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.353 ms [1.334 ms, 1.373 ms] | - |
| appsec | 1.713 ms [1.689 ms, 1.737 ms] | 360.087 µs (26.6%) |
| appsec_no_iast | 1.752 ms [1.729 ms, 1.776 ms] | 399.342 µs (29.5%) |
| code_origins | 1.677 ms [1.65 ms, 1.705 ms] | 324.231 µs (24.0%) |
| iast | 1.506 ms [1.482 ms, 1.531 ms] | 153.337 µs (11.3%) |
| profiling | 1.528 ms [1.502 ms, 1.554 ms] | 174.806 µs (12.9%) |
| tracing | 1.469 ms [1.444 ms, 1.494 ms] | 115.595 µs (8.5%) |

Candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.355 ms [1.336 ms, 1.374 ms] | - |
| appsec | 1.72 ms [1.697 ms, 1.744 ms] | 365.338 µs (27.0%) |
| appsec_no_iast | 1.741 ms [1.717 ms, 1.765 ms] | 385.753 µs (28.5%) |
| code_origins | 1.677 ms [1.649 ms, 1.704 ms] | 321.738 µs (23.7%) |
| iast | 1.511 ms [1.486 ms, 1.536 ms] | 155.718 µs (11.5%) |
| profiling | 1.482 ms [1.459 ms, 1.506 ms] | 127.503 µs (9.4%) |
| tracing | 1.51 ms [1.484 ms, 1.535 ms] | 154.643 µs (11.4%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/iast-fix-before-ctor-callsites |
| git_commit_date | 1742206348 | 1742209689 |
| git_commit_sha | 0bc5b2f | 70c362c |
| release_version | 1.48.0-SNAPSHOT~0bc5b2f9a1 | 1.48.0-SNAPSHOT~70c362cff4 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1742211728 | 1742211728 |
| ci_job_id | 850376073 | 850376073 |
| ci_pipeline_id | 59010422 | 59010422 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-hvxyazeg-project-304-concurrent-2-gynyd2x2 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-hvxyazeg-project-304-concurrent-2-gynyd2x2 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava
Chart: biojava - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.702 s [14.702 s, 14.702 s] | - |
| appsec | 15.107 s [15.107 s, 15.107 s] | 405.0 ms (2.8%) |
| iast | 18.806 s [18.806 s, 18.806 s] | 4.104 s (27.9%) |
| iast_GLOBAL | 18.152 s [18.152 s, 18.152 s] | 3.45 s (23.5%) |
| profiling | 15.053 s [15.053 s, 15.053 s] | 351.0 ms (2.4%) |
| tracing | 15.18 s [15.18 s, 15.18 s] | 478.0 ms (3.3%) |

Candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.805 s [14.805 s, 14.805 s] | - |
| appsec | 15.188 s [15.188 s, 15.188 s] | 383.0 ms (2.6%) |
| iast | 18.711 s [18.711 s, 18.711 s] | 3.906 s (26.4%) |
| iast_GLOBAL | 17.899 s [17.899 s, 17.899 s] | 3.094 s (20.9%) |
| profiling | 14.918 s [14.918 s, 14.918 s] | 113.0 ms (0.8%) |
| tracing | 14.783 s [14.783 s, 14.783 s] | -22.0 ms (-0.1%) |

Execution time for tomcat
Chart: tomcat - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~70c362cff4, baseline=1.48.0-SNAPSHOT~0bc5b2f9a1

Baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.474 ms [1.462 ms, 1.485 ms] | - |
| appsec | 2.356 ms [2.311 ms, 2.4 ms] | 881.866 µs (59.8%) |
| iast | 2.132 ms [2.076 ms, 2.188 ms] | 657.896 µs (44.6%) |
| iast_GLOBAL | 2.166 ms [2.11 ms, 2.222 ms] | 691.904 µs (46.9%) |
| profiling | 2.451 ms [2.271 ms, 2.63 ms] | 976.659 µs (66.3%) |
| tracing | 1.948 ms [1.905 ms, 1.99 ms] | 473.739 µs (32.1%) |

Candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.472 ms [1.461 ms, 1.484 ms] | - |
| appsec | 2.332 ms [2.288 ms, 2.375 ms] | 859.896 µs (58.4%) |
| iast | 2.124 ms [2.068 ms, 2.181 ms] | 652.232 µs (44.3%) |
| iast_GLOBAL | 2.161 ms [2.105 ms, 2.217 ms] | 689.261 µs (46.8%) |
| profiling | 1.999 ms [1.954 ms, 2.045 ms] | 527.144 µs (35.8%) |
| tracing | 1.959 ms [1.916 ms, 2.001 ms] | 486.501 µs (33.0%) |

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from ee718ed to 5787711 Compare March 13, 2025 12:50
Collaborator

@amarziali amarziali left a comment

Thanks for the fix! There are system tests failing but I'm not sure it's related to this

@manuel-alvarez-alvarez
Member Author

> Thanks for the fix! There are system tests failing but I'm not sure it's related to this

Yep, they are failing because of this PR, but the reason is that the tests are not very good; I'm fixing them.

Contributor

@mcculls mcculls left a comment

Thanks!

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 5787711 to 3710146 Compare March 14, 2025 11:30
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner March 14, 2025 11:30
@manuel-alvarez-alvarez manuel-alvarez-alvarez changed the title Prevent before callsites targeting constructors Prevent before callsites targeting constructors in super calls Mar 14, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 3710146 to d68298f Compare March 14, 2025 11:42
@manuel-alvarez-alvarez
Member Author

manuel-alvarez-alvarez commented Mar 14, 2025

Dear all,

After some discussion we have agreed to only disable the before advice in calls to super in constructors. We cannot migrate the callsites to after advices due to RASP requiring to be executed before in order to protect the application from an attack.

Further work needs to be done in APPSEC-57009
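
The distinction this decision relies on, telling a `super(...)`/`this(...)` call (receiver is still `uninitializedThis`, as in the `VerifyError` frame above) apart from an ordinary `new X(...)`, can be sketched as follows. This is an added example, not code from dd-trace-java; it assumes the ASM library (`org.objectweb.asm`) is on the classpath, the names `CtorCallSiteClassifier`, `SampleStream` and `classify` are hypothetical, and the NEW-counting heuristic assumes javac-style bytecode where each `NEW` is paired with exactly one nested `<init>` call.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;

/** Added example: classify constructor invocations so a weaver can skip super(...)/this(...). */
public class CtorCallSiteClassifier {

  /** Constructed sample with the shape of the reported constructor: super(in) on a stream. */
  static class SampleStream extends FilterInputStream {
    private final Object marker;

    SampleStream(InputStream in) {
      super(in); // INVOKESPECIAL <init> whose receiver is uninitializedThis
      this.marker = new ByteArrayInputStream(new byte[0]); // receiver comes from a NEW
    }
  }

  /** Returns one line per INVOKESPECIAL <init> call site found in the given class. */
  static List<String> classify(String className) throws IOException {
    List<String> out = new ArrayList<>();
    ClassVisitor cv = new ClassVisitor(Opcodes.ASM9) {
      @Override
      public MethodVisitor visitMethod(
          int access, String name, String desc, String signature, String[] exceptions) {
        final boolean inCtor = "<init>".equals(name);
        return new MethodVisitor(Opcodes.ASM9) {
          // NEW instructions that have not yet been matched by their <init> call.
          private int pendingNew;
          // Outside constructors `this` is always initialized.
          private boolean thisInitialized = !inCtor;

          @Override
          public void visitTypeInsn(int opcode, String type) {
            if (opcode == Opcodes.NEW) {
              pendingNew++;
            }
          }

          @Override
          public void visitMethodInsn(
              int opcode, String owner, String mName, String mDesc, boolean isInterface) {
            if (opcode != Opcodes.INVOKESPECIAL || !"<init>".equals(mName)) {
              return;
            }
            if (pendingNew > 0) {
              // Innermost open NEW is being initialized: an ordinary object creation.
              pendingNew--;
              out.add("new " + owner + mDesc + " -> before advice allowed");
            } else if (!thisInitialized) {
              // No open NEW inside a constructor: this is the super(...)/this(...) call.
              // Any extra stack shuffling here would involve uninitializedThis, which the
              // verifier rejects when it is passed to a static helper.
              thisInitialized = true;
              out.add("super/this " + owner + mDesc + " -> before advice skipped");
            }
          }
        };
      }
    };
    new ClassReader(className).accept(cv, ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
    return out;
  }

  public static void main(String[] args) throws IOException {
    classify(SampleStream.class.getName()).forEach(System.out::println);
  }
}
```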

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from d68298f to f06dbea Compare March 14, 2025 11:55
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from f06dbea to d3c4fc1 Compare March 17, 2025 09:36
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from d3c4fc1 to 98981cf Compare March 17, 2025 11:03
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-before-ctor-callsites branch from 98981cf to 70c362c Compare March 17, 2025 11:08
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit eb4c52e into master Mar 17, 2025
271 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-fix-before-ctor-callsites branch March 17, 2025 12:46
@github-actions github-actions bot added this to the 1.48.0 milestone Mar 17, 2025
mtoffl01 pushed a commit that referenced this pull request Mar 24, 2025
Prevent before callsites targeting calls to super in constructors
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Apr 11, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle | minor | `11.6.0` -> `11.7.0` |
| [com.squareup.okio:okio-fakefilesystem](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` |
| [com.squareup.okio:okio](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` |
| [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.15.0` -> `2.16.0` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` |
---

### Release Notes

<details>
<summary>square/okio (com.squareup.okio:okio-fakefilesystem)</summary>

### [`v3.11.0`](https://github.com/square/okio/blob/HEAD/CHANGELOG.md#Version-3110)

*2025-04-09*

-   Fix: Clear the deflater's byte array reference
-   New: Faster implementation of `String.decodeHex()` on Kotlin/JS.
-   New: Declare `EXACTLY_ONCE` execution for blocks like `Closeable.use {}` and `FileSystem.read {}`.
-   Upgrade: \[Kotlin 2.1.20]\[kotlin\_2\_1\_20].

</details>

<details>
<summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary>

### [`v2.16.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2160)

-   \[Feat]: support `com.android.test` projects.
-   \[Feat]: support typesafe project accessors with opt-in.

```kotlin
dependencyAnalysis {
  useTypesafeProjectAccessors(true) // false by default
}
```

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.48.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.1):
1.48.1

### Components

#### Tracer internal logging

- 🐛 Remove print line causing unnecessary logs
([#&#8203;8687](DataDog/dd-trace-java#8687) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

###
[`v1.48.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.0):
1.48.0

### Known Bugs

> \[!NOTE]
> If you are experiencing issues with spamming timeout logs, please
update to the [latest
version](https://github.com/DataDog/dd-trace-java/releases/latest) or
set
[JDK_SOCKET_ENABLED](https://github.com/DataDog/dd-trace-java/blob/33fc3c9a9b7cda3beda88b8b3e5224ae2b10764a/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java#L98)
to false.

### Components

#### Application Security Management (IAST)

- ✨ Fix vulnerability location org.jose4j.lang.HashUtil
([#&#8203;8610](DataDog/dd-trace-java#8610) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Fix weak randomness in oracle.ucp.util.OpaqueString
([#&#8203;8609](DataDog/dd-trace-java#8609) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Fix weak hash false positive in
oracle.security.o5logon.O5Logon
([#&#8203;8608](DataDog/dd-trace-java#8608) -
[@&#8203;jandro996](https://github.com/jandro996))
- 🐛 Prevent before callsites targeting constructors in super calls
([#&#8203;8549](DataDog/dd-trace-java#8549) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Application Security Management (WAF)

- ✨ Update login events public SDK to V2
([#&#8203;8620](DataDog/dd-trace-java#8620) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Send RASP LFI capability only when AppSec is statically enabled
([#&#8203;8573](DataDog/dd-trace-java#8573) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Improve detection of missing request end events
([#&#8203;8510](DataDog/dd-trace-java#8510) -
[@&#8203;smola](https://github.com/smola))
- 🧹 Remove remote configuration for API Security sampling rate
([#&#8203;8486](DataDog/dd-trace-java#8486) -
[@&#8203;smola](https://github.com/smola))
- ✨ Add setUser to user monitoring SDK
([#&#8203;8482](DataDog/dd-trace-java#8482) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Add missing address for signup event
([#&#8203;8469](DataDog/dd-trace-java#8469) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Allow login events SDK to be used with appsec disabled
([#&#8203;8464](DataDog/dd-trace-java#8464) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Add support for endpoint discovery in spring mvc
([#&#8203;8352](DataDog/dd-trace-java#8352) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ New API Security sampling algorithm
([#&#8203;8178](DataDog/dd-trace-java#8178) -
[@&#8203;ValentinZakharov](https://github.com/ValentinZakharov))

#### Build & Tooling

- ✨ Add buffer size customizability to JDK UDS support
([#&#8203;8629](DataDog/dd-trace-java#8629) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))
- ✨ Add JDK built-in support for UDS on Java 16+
([#&#8203;8314](DataDog/dd-trace-java#8314) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Configuration at Runtime

- 🐛 Send RASP LFI capability only when AppSec is statically enabled
([#&#8203;8573](DataDog/dd-trace-java#8573) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Continuous Integration Visibility

- 🐛 Prevent double reporting of Scalatest events when using SBT with
test forking
([#&#8203;8682](DataDog/dd-trace-java#8682) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Shutdown CI Visibility test event handlers before tracer
([#&#8203;8677](DataDog/dd-trace-java#8677) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Do not apply JUnit 4 instrumentation to MUnit runners
([#&#8203;8675](DataDog/dd-trace-java#8675),
[#&#8203;8683](DataDog/dd-trace-java#8683) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Remove error log when source path resolution fails on
isModified check
([#&#8203;8663](DataDog/dd-trace-java#8663) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Implement tests reordering for JUnit 4
([#&#8203;8650](DataDog/dd-trace-java#8650) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- 🐛 Set default Attempt to Fix retries if none provided from the
backend
([#&#8203;8615](DataDog/dd-trace-java#8615) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Allow to manually set PR info
([#&#8203;8566](DataDog/dd-trace-java#8566) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix Test Optimization init when repo root cannot be determined
([#&#8203;8533](DataDog/dd-trace-java#8533) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add capabilities tagging
([#&#8203;8499](DataDog/dd-trace-java#8499),
[#&#8203;8540](DataDog/dd-trace-java#8540) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

#### Crash tracking

- 🐛 Remove dependency on bash from crash/oome uploader scripts
([#&#8203;8652](DataDog/dd-trace-java#8652) -
[@&#8203;jbachorik](https://github.com/jbachorik))

#### Data Streams Monitoring

- ✨ e2e pipeline configuration when data jobs is enabled
([#&#8203;8553](DataDog/dd-trace-java#8553) -
[@&#8203;kr-igor](https://github.com/kr-igor))

#### Dynamic Instrumentation

- 🐛 Fix In-Product when config is empty
([#&#8203;8679](DataDog/dd-trace-java#8679) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add support for filtering shaded third-party libs
([#&#8203;8612](DataDog/dd-trace-java#8612) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add In-Product Enablement
([#&#8203;8587](DataDog/dd-trace-java#8587) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨⚡ Reduce footprint of SourceFile tracking
([#&#8203;8524](DataDog/dd-trace-java#8524) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨⚡ Optimize the SourceFile tracking
([#&#8203;8520](DataDog/dd-trace-java#8520) -
[@&#8203;jpbempel](https://github.com/jpbempel))

#### OpenTracing

- 🧹 Remove activeScope() use in OpenTracing shim
([#&#8203;8478](DataDog/dd-trace-java#8478) -
[@&#8203;mcculls](https://github.com/mcculls))

#### Profiling

- ✨ Add profiler env check command to AgentCLI
([#&#8203;8671](DataDog/dd-trace-java#8671) -
[@&#8203;jbachorik](https://github.com/jbachorik))

- ✨ Bump ddprof to 1.23.0
([#&#8203;8668](DataDog/dd-trace-java#8668) -
[@&#8203;jbachorik](https://github.com/jbachorik))
- Fix a crash related to ElfParser::loadSymbolTable
([#&#8203;191](DataDog/dd-trace-java#191)) by
[@&#8203;yanglong1010](https://github.com/yanglong1010) in
DataDog/java-profiler#192
- Unwind String.indexOf intrinsic on AArch64 by
[@&#8203;MattAlp](https://github.com/MattAlp) in
DataDog/java-profiler#193
- Fix Java 24 support by
[@&#8203;jbachorik](https://github.com/jbachorik) in
DataDog/java-profiler#194
- A set of fixes related to clang, aarch64 and musl peculiarities of
vmstructs stack unwinder by
[@&#8203;jbachorik](https://github.com/jbachorik) in
DataDog/java-profiler#199

- 🐛 Remove process information from JFR recording
([#&#8203;8661](DataDog/dd-trace-java#8661) -
[@&#8203;r1viollet](https://github.com/r1viollet))

- 🐛 Make TempLocationManager USER aware
([#&#8203;8605](DataDog/dd-trace-java#8605) -
[@&#8203;jbachorik](https://github.com/jbachorik))

- ✨ Extract git tags from embedded git.properties and
datadog_git.properties
([#&#8203;8561](DataDog/dd-trace-java#8561) -
[@&#8203;wmouchere](https://github.com/wmouchere))

#### Telemetry

- 🐛 Fix appsec.rasp.error and appsec.waf.error telemetry metrics
([#&#8203;8624](DataDog/dd-trace-java#8624) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Create metric: appsec.rasp.rule.skipped
([#&#8203;8618](DataDog/dd-trace-java#8618) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract git tags from embedded git.properties and
datadog_git.properties
([#&#8203;8561](DataDog/dd-trace-java#8561) -
[@&#8203;wmouchere](https://github.com/wmouchere))

#### Testing

- 🧹 Simplify ssi tests one-pipeline
([#&#8203;8558](DataDog/dd-trace-java#8558) -
[@&#8203;robertomonteromiguel](https://github.com/robertomonteromiguel))
- ✨ Add smoke tests for java's concurrent API
([#&#8203;8438](DataDog/dd-trace-java#8438) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- ✨ Adding Support for `TRACE_PROPAGATION_BEHAVIOR_EXTRACT`
([#&#8203;8535](DataDog/dd-trace-java#8535) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Ensure shaded helpers have unique names
([#&#8203;8559](DataDog/dd-trace-java#8559) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Support common config sources for user-provided git info
([#&#8203;8547](DataDog/dd-trace-java#8547) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Make the default config sources more robust when a security
manager is installed
([#&#8203;8544](DataDog/dd-trace-java#8544) -
[@&#8203;mcculls](https://github.com/mcculls))
- ✨ Support targeting services with configurations in stable
configuration file
([#&#8203;8526](DataDog/dd-trace-java#8526) -
[@&#8203;mtoffl01](https://github.com/mtoffl01))
- ✨ Add new parser for `DD_TAGS` and prioritizing `DD_SERVICE`
([#&#8203;8296](DataDog/dd-trace-java#8296) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer internal logging

- 🐛 Add missing debug log for the cloudPayloadTaggingServices config
([#&#8203;8600](DataDog/dd-trace-java#8600) -
[@&#8203;ygree](https://github.com/ygree))
- ✨ Add the possibility to output the logs of the Java tracer
in JSON
([#&#8203;8083](DataDog/dd-trace-java#8083) -
[@&#8203;cecile75](https://github.com/cecile75))

#### Tracer public API

- ✨ Introducing `DD_TRACE_EXPERIMENTAL_FEATURES_ENABLED` Config
([#&#8203;8536](DataDog/dd-trace-java#8536) -
[@&#8203;mhlidd](https://github.com/mhlidd))
- ✨ Config Consistency Round 2
([#&#8203;8489](DataDog/dd-trace-java#8489) -
[@&#8203;mhlidd](https://github.com/mhlidd))

### Instrumentations

####

- 🐛 Fix NPE in getMdcCopy of LoggingEventInstrumentation
([#&#8203;8599](DataDog/dd-trace-java#8599) -
[@&#8203;ygree](https://github.com/ygree))

#### Apache Spark instrumentation

- ✨ Instrument Runtime.exit() to finish spark application spans
([#&#8203;8572](DataDog/dd-trace-java#8572) -
[@&#8203;paul-laffon-dd](https://github.com/paul-laffon-dd))
- ✨ Configure OpenLineage if present in Spark instrumentation
([#&#8203;8541](DataDog/dd-trace-java#8541) -
[@&#8203;mobuchowski](https://github.com/mobuchowski))

#### Armeria Instrumentation

- ✨ Support armeria grpc 1.32.3
([#&#8203;8606](DataDog/dd-trace-java#8606) -
[@&#8203;github-actions](https://github.com/github-actions)\[bot])

#### AWS DynamoDB Instrumentation

- ✨ Create DynamoDB instrumentation + add span pointers for
`updateItem` and `deleteItem`
([#&#8203;8490](DataDog/dd-trace-java#8490) -
[@&#8203;nhulston](https://github.com/nhulston))

#### AWS SDK instrumentation

- ✨ Add DynamoDB in
DEFAULT_TRACE_CLOUD_PAYLOAD_TAGGING_SERVICES
([#&#8203;8595](DataDog/dd-trace-java#8595) -
[@&#8203;joeyzhao2018](https://github.com/joeyzhao2018))

#### Azure Functions instrumentation

- ✨ Enable tracer computed trace metrics by default for Azure
Functions
([#&#8203;8518](DataDog/dd-trace-java#8518) -
[@&#8203;duncanpharvey](https://github.com/duncanpharvey))
- 💡 Add azure-functions instrumentation
([#&#8203;8432](DataDog/dd-trace-java#8432) -
[@&#8203;duncanpharvey](https://github.com/duncanpharvey))

#### Core Java language instrumentation

- 🐛 Fix ForkJoinPool.execute() instrumentation on Java 21+
([#&#8203;8560](DataDog/dd-trace-java#8560) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Eclipse Vert.x instrumentation

- ✨ Add vertx postgresql client instrumentation
([#&#8203;8471](DataDog/dd-trace-java#8471) -
[@&#8203;vandonr](https://github.com/vandonr) - thanks for the
contribution!)

#### Kafka instrumentation

- ✨ Support and test kafka-clients 4
([#&#8203;8581](DataDog/dd-trace-java#8581) -
[@&#8203;amarziali](https://github.com/amarziali))

#### Kotlin instrumentation

- ✨ Avoid disconnected traces when using Kotlin flowOn
([#&#8203;8651](DataDog/dd-trace-java#8651) -
[@&#8203;mcculls](https://github.com/mcculls))

#### OpenTelemetry instrumentation

- 🧹 Migrate OtelContext wrapper to new internal Context API
([#&#8203;8645](DataDog/dd-trace-java#8645) -
[@&#8203;mcculls](https://github.com/mcculls))

#### Spring instrumentation

- 🐛 Support CompletableFuture on spring webmvc controllers
([#&#8203;8659](DataDog/dd-trace-java#8659) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Add support for endpoint discovery in spring mvc
([#&#8203;8352](DataDog/dd-trace-java#8352) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### WebSocket Instrumentation

- ✨ Instrument Jetty websocket pojo
([#&#8203;8562](DataDog/dd-trace-java#8562) -
[@&#8203;amarziali](https://github.com/amarziali))
- 💡 Instrument Java Websocket API (JSR356)
([#&#8203;8440](DataDog/dd-trace-java#8440) -
[@&#8203;amarziali](https://github.com/amarziali))

#### All other instrumentations

- ✨ Introduce cache for peer.hostname lookup
([#&#8203;8601](DataDog/dd-trace-java#8601) -
[@&#8203;mcculls](https://github.com/mcculls))
- ✨ Support pekko http 1.1
([#&#8203;8532](DataDog/dd-trace-java#8532) -
[@&#8203;amarziali](https://github.com/amarziali))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 331314f71acaced3adc75ea5d7e855c248d593fc