Allow agent to be automatically injected when running aside Log4J patch agent

[paullegranddc]

What Does This Do

• add an exception in double injection check for log4j patch agent

Motivation

This fix is meant for DJM running in AWS EMR.
AWS adds a javaagent on their spark processes to patch the log4j vulnerability. This wouldn't pass the current double injection check so the injector is currently configured to pass DD_INJECT_FORCE on EMR to force the check.

The issue is that this is configuration is currently passed to the injector in a legacy way we want to remove, so we wouldn't be able to skip checks. This exception is also, in general, a bit scary because it applies everywhere we will inject everything on EMR regardless of deny lists.

So this PR adds a more restricted exception in the AgentBootstrap, and only works if there 2 agents one of them being for log4j.

Additional Notes

Contributor Checklist

• Format the title according the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any usefull labels
• Don't use close, fix or any linking keywords when referencing an issue.
  Use solves instead, and assign the PR milestone to the issue
• Update the public documentation in case of new configuration flag or behavior

Jira ticket: [PROJ-IDENT]

[github-actions]

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

• Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	paullgdc/agent_bootstrap/inject_when_log4j_patch
git_commit_date	1746263227	1746436942
git_commit_sha	12da6fe	5670cc9
release_version	1.49.0-SNAPSHOT~12da6fe499	1.49.0-SNAPSHOT~5670cc926e

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1746439853	1746439853
ci_job_id	923086832	923086832
ci_pipeline_id	64084270	64084270
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zssr2y5-project-304-concurrent-0-eo4xejgo 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zssr2y5-project-304-concurrent-0-eo4xejgo 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 66 metrics, 5 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.007 s) : 0, 1007039
Total [baseline] (8.628 s) : 0, 8628410
Agent [candidate] (1.004 s) : 0, 1004408
Total [candidate] (8.609 s) : 0, 8608629
section iast
Agent [baseline] (1.138 s) : 0, 1138142
Total [baseline] (9.228 s) : 0, 9228345
Agent [candidate] (1.137 s) : 0, 1136620
Total [candidate] (9.187 s) : 0, 9186634
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.143 s) : 0, 1142787
Total [baseline] (9.181 s) : 0, 9180746
Agent [candidate] (1.148 s) : 0, 1148243
Total [candidate] (9.21 s) : 0, 9210393
section iast_TELEMETRY_OFF
Agent [baseline] (1.131 s) : 0, 1130833
Total [baseline] (9.207 s) : 0, 9207289
Agent [candidate] (1.141 s) : 0, 1140813
Total [candidate] (9.183 s) : 0, 9182872

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.007 s	-
Agent	iast	1.138 s	131.103 ms (13.0%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.143 s	135.748 ms (13.5%)
Agent	iast_TELEMETRY_OFF	1.131 s	123.794 ms (12.3%)
Total	tracing	8.628 s	-
Total	iast	9.228 s	599.935 ms (7.0%)
Total	iast_HARDCODED_SECRET_DISABLED	9.181 s	552.336 ms (6.4%)
Total	iast_TELEMETRY_OFF	9.207 s	578.879 ms (6.7%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.004 s	-
Agent	iast	1.137 s	132.212 ms (13.2%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.148 s	143.834 ms (14.3%)
Agent	iast_TELEMETRY_OFF	1.141 s	136.404 ms (13.6%)
Total	tracing	8.609 s	-
Total	iast	9.187 s	578.005 ms (6.7%)
Total	iast_HARDCODED_SECRET_DISABLED	9.21 s	601.763 ms (7.0%)
Total	iast_TELEMETRY_OFF	9.183 s	574.243 ms (6.7%)

gantt
    title insecure-bank - break down per module: candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (670.658 ms) : 0, 670658
BytebuddyAgent [candidate] (669.84 ms) : 0, 669840
GlobalTracer [baseline] (239.948 ms) : 0, 239948
GlobalTracer [candidate] (239.616 ms) : 0, 239616
AppSec [baseline] (54.742 ms) : 0, 54742
AppSec [candidate] (54.672 ms) : 0, 54672
Debugger [baseline] (6.156 ms) : 0, 6156
Debugger [candidate] (6.13 ms) : 0, 6130
Remote Config [baseline] (707.304 µs) : 0, 707
Remote Config [candidate] (702.047 µs) : 0, 702
Telemetry [baseline] (11.331 ms) : 0, 11331
Telemetry [candidate] (9.932 ms) : 0, 9932
section iast
BytebuddyAgent [baseline] (790.556 ms) : 0, 790556
BytebuddyAgent [candidate] (789.84 ms) : 0, 789840
GlobalTracer [baseline] (230.176 ms) : 0, 230176
GlobalTracer [candidate] (229.984 ms) : 0, 229984
IAST [baseline] (22.702 ms) : 0, 22702
IAST [candidate] (23.624 ms) : 0, 23624
AppSec [baseline] (56.844 ms) : 0, 56844
AppSec [candidate] (55.356 ms) : 0, 55356
Debugger [baseline] (5.838 ms) : 0, 5838
Debugger [candidate] (5.896 ms) : 0, 5896
Remote Config [baseline] (570.297 µs) : 0, 570
Remote Config [candidate] (597.676 µs) : 0, 598
Telemetry [baseline] (7.857 ms) : 0, 7857
Telemetry [candidate] (7.882 ms) : 0, 7882
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (794.337 ms) : 0, 794337
BytebuddyAgent [candidate] (799.541 ms) : 0, 799541
GlobalTracer [baseline] (231.048 ms) : 0, 231048
GlobalTracer [candidate] (231.027 ms) : 0, 231027
IAST [baseline] (23.047 ms) : 0, 23047
IAST [candidate] (23.02 ms) : 0, 23020
AppSec [baseline] (56.425 ms) : 0, 56425
AppSec [candidate] (56.502 ms) : 0, 56502
Debugger [baseline] (5.907 ms) : 0, 5907
Debugger [candidate] (5.954 ms) : 0, 5954
Remote Config [baseline] (583.885 µs) : 0, 584
Remote Config [candidate] (587.582 µs) : 0, 588
Telemetry [baseline] (7.915 ms) : 0, 7915
Telemetry [candidate] (7.955 ms) : 0, 7955
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (785.657 ms) : 0, 785657
BytebuddyAgent [candidate] (791.667 ms) : 0, 791667
GlobalTracer [baseline] (229.641 ms) : 0, 229641
GlobalTracer [candidate] (231.558 ms) : 0, 231558
IAST [baseline] (22.216 ms) : 0, 22216
IAST [candidate] (22.598 ms) : 0, 22598
AppSec [baseline] (55.875 ms) : 0, 55875
AppSec [candidate] (56.987 ms) : 0, 56987
Debugger [baseline] (5.902 ms) : 0, 5902
Debugger [candidate] (5.991 ms) : 0, 5991
Remote Config [baseline] (598.88 µs) : 0, 599
Remote Config [candidate] (621.612 µs) : 0, 622
Telemetry [baseline] (7.569 ms) : 0, 7569
Telemetry [candidate] (7.853 ms) : 0, 7853

Loading

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.012 s) : 0, 1012200
Total [baseline] (10.439 s) : 0, 10438944
Agent [candidate] (1.008 s) : 0, 1007582
Total [candidate] (10.514 s) : 0, 10513824
section appsec
Agent [baseline] (1.15 s) : 0, 1150210
Total [baseline] (10.665 s) : 0, 10664995
Agent [candidate] (1.15 s) : 0, 1149986
Total [candidate] (10.726 s) : 0, 10725741
section iast
Agent [baseline] (1.138 s) : 0, 1138366
Total [baseline] (10.785 s) : 0, 10784754
Agent [candidate] (1.137 s) : 0, 1136886
Total [candidate] (10.849 s) : 0, 10849140
section profiling
Agent [baseline] (1.257 s) : 0, 1256931
Total [baseline] (10.766 s) : 0, 10766203
Agent [candidate] (1.257 s) : 0, 1256990
Total [candidate] (10.829 s) : 0, 10828556

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.012 s	-
Agent	appsec	1.15 s	138.01 ms (13.6%)
Agent	iast	1.138 s	126.166 ms (12.5%)
Agent	profiling	1.257 s	244.731 ms (24.2%)
Total	tracing	10.439 s	-
Total	appsec	10.665 s	226.051 ms (2.2%)
Total	iast	10.785 s	345.809 ms (3.3%)
Total	profiling	10.766 s	327.258 ms (3.1%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.008 s	-
Agent	appsec	1.15 s	142.404 ms (14.1%)
Agent	iast	1.137 s	129.304 ms (12.8%)
Agent	profiling	1.257 s	249.408 ms (24.8%)
Total	tracing	10.514 s	-
Total	appsec	10.726 s	211.917 ms (2.0%)
Total	iast	10.849 s	335.316 ms (3.2%)
Total	profiling	10.829 s	314.732 ms (3.0%)

gantt
    title petclinic - break down per module: candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (674.862 ms) : 0, 674862
BytebuddyAgent [candidate] (672.13 ms) : 0, 672130
GlobalTracer [baseline] (240.049 ms) : 0, 240049
GlobalTracer [candidate] (240.749 ms) : 0, 240749
AppSec [baseline] (54.63 ms) : 0, 54630
AppSec [candidate] (54.567 ms) : 0, 54567
Debugger [baseline] (6.826 ms) : 0, 6826
Debugger [candidate] (6.123 ms) : 0, 6123
Remote Config [baseline] (691.131 µs) : 0, 691
Remote Config [candidate] (703.551 µs) : 0, 704
Telemetry [baseline] (11.479 ms) : 0, 11479
Telemetry [candidate] (9.94 ms) : 0, 9940
section appsec
BytebuddyAgent [baseline] (689.976 ms) : 0, 689976
BytebuddyAgent [candidate] (688.627 ms) : 0, 688627
GlobalTracer [baseline] (236.599 ms) : 0, 236599
GlobalTracer [candidate] (236.994 ms) : 0, 236994
AppSec [baseline] (174.902 ms) : 0, 174902
AppSec [candidate] (175.776 ms) : 0, 175776
Debugger [baseline] (5.897 ms) : 0, 5897
Debugger [candidate] (5.909 ms) : 0, 5909
Remote Config [baseline] (635.9 µs) : 0, 636
Remote Config [candidate] (637.534 µs) : 0, 638
Telemetry [baseline] (7.808 ms) : 0, 7808
Telemetry [candidate] (7.774 ms) : 0, 7774
IAST [baseline] (21.805 ms) : 0, 21805
IAST [candidate] (21.652 ms) : 0, 21652
section iast
BytebuddyAgent [baseline] (791.127 ms) : 0, 791127
BytebuddyAgent [candidate] (789.746 ms) : 0, 789746
GlobalTracer [baseline] (230.564 ms) : 0, 230564
GlobalTracer [candidate] (229.947 ms) : 0, 229947
AppSec [baseline] (56.175 ms) : 0, 56175
AppSec [candidate] (56.774 ms) : 0, 56774
Debugger [baseline] (5.847 ms) : 0, 5847
Debugger [candidate] (5.905 ms) : 0, 5905
Remote Config [baseline] (591.433 µs) : 0, 591
Remote Config [candidate] (597.064 µs) : 0, 597
Telemetry [baseline] (7.92 ms) : 0, 7920
Telemetry [candidate] (7.898 ms) : 0, 7898
IAST [baseline] (22.662 ms) : 0, 22662
IAST [candidate] (22.658 ms) : 0, 22658
section profiling
ProfilingAgent [baseline] (96.243 ms) : 0, 96243
ProfilingAgent [candidate] (96.758 ms) : 0, 96758
BytebuddyAgent [baseline] (662.325 ms) : 0, 662325
BytebuddyAgent [candidate] (662.164 ms) : 0, 662164
GlobalTracer [baseline] (378.464 ms) : 0, 378464
GlobalTracer [candidate] (378.937 ms) : 0, 378937
AppSec [baseline] (54.6 ms) : 0, 54600
AppSec [candidate] (53.945 ms) : 0, 53945
Debugger [baseline] (6.127 ms) : 0, 6127
Debugger [candidate] (6.183 ms) : 0, 6183
Remote Config [baseline] (649.837 µs) : 0, 650
Remote Config [candidate] (654.384 µs) : 0, 654
Telemetry [baseline] (8.154 ms) : 0, 8154
Telemetry [candidate] (8.146 ms) : 0, 8146
Profiling [baseline] (96.266 ms) : 0, 96266
Profiling [candidate] (96.782 ms) : 0, 96782

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-05-05T09:43:18	2025-05-05T09:51:04
git_branch	master	paullgdc/agent_bootstrap/inject_when_log4j_patch
git_commit_date	1746263227	1746436942
git_commit_sha	12da6fe	5670cc9
release_version	1.49.0-SNAPSHOT~12da6fe499	1.49.0-SNAPSHOT~5670cc926e
start_time	2025-05-05T09:43:04	2025-05-05T09:50:49

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1746439060	1746439060
ci_job_id	923086833	923086833
ci_pipeline_id	64084270	64084270
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-mgrvxjgq-project-304-concurrent-0-cfz6ri32 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-mgrvxjgq-project-304-concurrent-0-cfz6ri32 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499
    dateFormat X
    axisFormat %s
section baseline
no_agent (379.756 µs) : 360, 400
.   : milestone, 380,
iast (512.631 µs) : 489, 536
.   : milestone, 513,
iast_FULL (736.295 µs) : 713, 760
.   : milestone, 736,
iast_GLOBAL (560.192 µs) : 537, 583
.   : milestone, 560,
iast_HARDCODED_SECRET_DISABLED (524.155 µs) : 501, 547
.   : milestone, 524,
iast_INACTIVE (467.558 µs) : 445, 490
.   : milestone, 468,
iast_TELEMETRY_OFF (517.0 µs) : 494, 540
.   : milestone, 517,
tracing (457.49 µs) : 436, 479
.   : milestone, 457,
section candidate
no_agent (385.0 µs) : 364, 406
.   : milestone, 385,
iast (526.236 µs) : 503, 550
.   : milestone, 526,
iast_FULL (738.313 µs) : 715, 762
.   : milestone, 738,
iast_GLOBAL (560.464 µs) : 537, 584
.   : milestone, 560,
iast_HARDCODED_SECRET_DISABLED (510.206 µs) : 487, 533
.   : milestone, 510,
iast_INACTIVE (464.337 µs) : 442, 487
.   : milestone, 464,
iast_TELEMETRY_OFF (513.335 µs) : 491, 536
.   : milestone, 513,
tracing (456.969 µs) : 435, 479
.   : milestone, 457,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	379.756 µs [359.922 µs, 399.59 µs]	-
iast	512.631 µs [489.395 µs, 535.867 µs]	132.875 µs (35.0%)
iast_FULL	736.295 µs [712.507 µs, 760.082 µs]	356.539 µs (93.9%)
iast_GLOBAL	560.192 µs [537.263 µs, 583.12 µs]	180.435 µs (47.5%)
iast_HARDCODED_SECRET_DISABLED	524.155 µs [501.469 µs, 546.841 µs]	144.399 µs (38.0%)
iast_INACTIVE	467.558 µs [445.103 µs, 490.013 µs]	87.802 µs (23.1%)
iast_TELEMETRY_OFF	517.0 µs [493.641 µs, 540.359 µs]	137.244 µs (36.1%)
tracing	457.49 µs [435.773 µs, 479.207 µs]	77.734 µs (20.5%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	385.0 µs [363.537 µs, 406.463 µs]	-
iast	526.236 µs [502.797 µs, 549.674 µs]	141.236 µs (36.7%)
iast_FULL	738.313 µs [714.776 µs, 761.85 µs]	353.312 µs (91.8%)
iast_GLOBAL	560.464 µs [537.377 µs, 583.552 µs]	175.464 µs (45.6%)
iast_HARDCODED_SECRET_DISABLED	510.206 µs [487.268 µs, 533.144 µs]	125.205 µs (32.5%)
iast_INACTIVE	464.337 µs [441.88 µs, 486.795 µs]	79.337 µs (20.6%)
iast_TELEMETRY_OFF	513.335 µs [490.904 µs, 535.766 µs]	128.335 µs (33.3%)
tracing	456.969 µs [435.17 µs, 478.768 µs]	71.969 µs (18.7%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.354 ms) : 1336, 1373
.   : milestone, 1354,
appsec (1.734 ms) : 1710, 1759
.   : milestone, 1734,
appsec_no_iast (1.71 ms) : 1686, 1734
.   : milestone, 1710,
code_origins (1.686 ms) : 1659, 1714
.   : milestone, 1686,
iast (1.517 ms) : 1493, 1542
.   : milestone, 1517,
profiling (1.556 ms) : 1531, 1581
.   : milestone, 1556,
tracing (1.49 ms) : 1465, 1514
.   : milestone, 1490,
section candidate
no_agent (1.369 ms) : 1349, 1389
.   : milestone, 1369,
appsec (1.732 ms) : 1709, 1755
.   : milestone, 1732,
appsec_no_iast (1.727 ms) : 1703, 1751
.   : milestone, 1727,
code_origins (1.675 ms) : 1648, 1702
.   : milestone, 1675,
iast (1.491 ms) : 1467, 1515
.   : milestone, 1491,
profiling (1.524 ms) : 1500, 1548
.   : milestone, 1524,
tracing (1.487 ms) : 1462, 1512
.   : milestone, 1487,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.354 ms [1.336 ms, 1.373 ms]	-
appsec	1.734 ms [1.71 ms, 1.759 ms]	380.004 µs (28.1%)
appsec_no_iast	1.71 ms [1.686 ms, 1.734 ms]	355.66 µs (26.3%)
code_origins	1.686 ms [1.659 ms, 1.714 ms]	331.957 µs (24.5%)
iast	1.517 ms [1.493 ms, 1.542 ms]	162.904 µs (12.0%)
profiling	1.556 ms [1.531 ms, 1.581 ms]	201.648 µs (14.9%)
tracing	1.49 ms [1.465 ms, 1.514 ms]	135.419 µs (10.0%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.369 ms [1.349 ms, 1.389 ms]	-
appsec	1.732 ms [1.709 ms, 1.755 ms]	363.178 µs (26.5%)
appsec_no_iast	1.727 ms [1.703 ms, 1.751 ms]	358.189 µs (26.2%)
code_origins	1.675 ms [1.648 ms, 1.702 ms]	306.217 µs (22.4%)
iast	1.491 ms [1.467 ms, 1.515 ms]	121.866 µs (8.9%)
profiling	1.524 ms [1.5 ms, 1.548 ms]	155.372 µs (11.3%)
tracing	1.487 ms [1.462 ms, 1.512 ms]	118.386 µs (8.6%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	paullgdc/agent_bootstrap/inject_when_log4j_patch
git_commit_date	1746263227	1746436942
git_commit_sha	12da6fe	5670cc9
release_version	1.49.0-SNAPSHOT~12da6fe499	1.49.0-SNAPSHOT~5670cc926e

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1746439530	1746439530
ci_job_id	923086834	923086834
ci_pipeline_id	64084270	64084270
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zssr2y5-project-304-concurrent-1-0rxyfh5m 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zssr2y5-project-304-concurrent-1-0rxyfh5m 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.964 s) : 14964000, 14964000
.   : milestone, 14964000,
appsec (15.258 s) : 15258000, 15258000
.   : milestone, 15258000,
iast (18.816 s) : 18816000, 18816000
.   : milestone, 18816000,
iast_GLOBAL (18.269 s) : 18269000, 18269000
.   : milestone, 18269000,
profiling (14.871 s) : 14871000, 14871000
.   : milestone, 14871000,
tracing (14.843 s) : 14843000, 14843000
.   : milestone, 14843000,
section candidate
no_agent (14.958 s) : 14958000, 14958000
.   : milestone, 14958000,
appsec (14.931 s) : 14931000, 14931000
.   : milestone, 14931000,
iast (19.067 s) : 19067000, 19067000
.   : milestone, 19067000,
iast_GLOBAL (18.036 s) : 18036000, 18036000
.   : milestone, 18036000,
profiling (14.953 s) : 14953000, 14953000
.   : milestone, 14953000,
tracing (14.887 s) : 14887000, 14887000
.   : milestone, 14887000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.964 s [14.964 s, 14.964 s]	-
appsec	15.258 s [15.258 s, 15.258 s]	294.0 ms (2.0%)
iast	18.816 s [18.816 s, 18.816 s]	3.852 s (25.7%)
iast_GLOBAL	18.269 s [18.269 s, 18.269 s]	3.305 s (22.1%)
profiling	14.871 s [14.871 s, 14.871 s]	-93.0 ms (-0.6%)
tracing	14.843 s [14.843 s, 14.843 s]	-121.0 ms (-0.8%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.958 s [14.958 s, 14.958 s]	-
appsec	14.931 s [14.931 s, 14.931 s]	-27.0 ms (-0.2%)
iast	19.067 s [19.067 s, 19.067 s]	4.109 s (27.5%)
iast_GLOBAL	18.036 s [18.036 s, 18.036 s]	3.078 s (20.6%)
profiling	14.953 s [14.953 s, 14.953 s]	-5.0 ms (-0.0%)
tracing	14.887 s [14.887 s, 14.887 s]	-71.0 ms (-0.5%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.49.0-SNAPSHOT~5670cc926e, baseline=1.49.0-SNAPSHOT~12da6fe499
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1466, 1489
.   : milestone, 1477,
appsec (2.394 ms) : 2347, 2442
.   : milestone, 2394,
iast (2.174 ms) : 2114, 2234
.   : milestone, 2174,
iast_GLOBAL (2.212 ms) : 2152, 2272
.   : milestone, 2212,
profiling (2.009 ms) : 1962, 2057
.   : milestone, 2009,
tracing (1.998 ms) : 1952, 2044
.   : milestone, 1998,
section candidate
no_agent (1.481 ms) : 1469, 1493
.   : milestone, 1481,
appsec (2.395 ms) : 2347, 2442
.   : milestone, 2395,
iast (2.176 ms) : 2117, 2236
.   : milestone, 2176,
iast_GLOBAL (2.222 ms) : 2161, 2282
.   : milestone, 2222,
profiling (2.496 ms) : 2313, 2679
.   : milestone, 2496,
tracing (1.989 ms) : 1943, 2035
.   : milestone, 1989,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.477 ms [1.466 ms, 1.489 ms]	-
appsec	2.394 ms [2.347 ms, 2.442 ms]	916.706 µs (62.0%)
iast	2.174 ms [2.114 ms, 2.234 ms]	696.617 µs (47.2%)
iast_GLOBAL	2.212 ms [2.152 ms, 2.272 ms]	734.263 µs (49.7%)
profiling	2.009 ms [1.962 ms, 2.057 ms]	532.031 µs (36.0%)
tracing	1.998 ms [1.952 ms, 2.044 ms]	520.409 µs (35.2%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.481 ms [1.469 ms, 1.493 ms]	-
appsec	2.395 ms [2.347 ms, 2.442 ms]	913.698 µs (61.7%)
iast	2.176 ms [2.117 ms, 2.236 ms]	695.277 µs (46.9%)
iast_GLOBAL	2.222 ms [2.161 ms, 2.282 ms]	740.6 µs (50.0%)
profiling	2.496 ms [2.313 ms, 2.679 ms]	1.015 ms (68.5%)
tracing	1.989 ms [1.943 ms, 2.035 ms]	508.152 µs (34.3%)

[raphaelgavache]

nice catch!

[dougqh]

I think we need to set up an integration test to verify that EMR's agent isn't incompatible with ours.

[paullegranddc]

I think we need to set up an integration test to verify that EMR's agent isn't incompatible with ours.

Well in practice we know this is not incompatible because every customer that has used EMR with DJM has had both the log4j patch agent adds and our agent.
Now, the question is should we add continuous tests to verify this is going to continue being true in the future.
Currently the DJM team doesn't have these, and does manual QA before new releases.
But having the exception in the library vs in the injector config doesn't really change the risk of not having tests because we're injecting anyway in both cases.

I'd like to see integration tests too, but I don't think this change make them any more or less necessary than they were before.

[dougqh]

I don't actually think that we know that the patch jar in question is fully compatible.
I think in the context of DJM. The patch jar is benign.

However, I actually think it is reasonably likely that the patch jar isn't compatible with our log4j instrumentation.

Given how the DJM instrumentation works, DJM isn't really compatible with our log4j instrumentation. I say that because the DJM instrumentation is listener based and does not / cannot do scope activation in the normal way. And the log4j instrumentation only works if scope activation is being done.

That's not a criticism of DJM. I'm just saying that the patch jar might be compatible with DJM because log injection doesn't come into play, but that's not true for other products.

I'm hopeful that the patch jar is compatible. The patch probably doesn't change any signatures or internals in way that would run afoul of our log4j instrumentation, but we really should verify that.

Did we test products other than DJM? Did we check with the relevant versions of log4j?

[PerfectSlayer]

Cleaned up title for changelog and tests