@smola smola commented Jun 13, 2025

Summary

  • avoid NPE when class has no superclass in gRPC handler
  • test handling of classes without super class

Testing

  • ./gradlew :dd-java-agent:agent-iast:test

This was an OpenAI Codex trial run, with prompt:

Find a critical bug in some important part of the dd-java-agent/agent-iast module, fix it, and include a test for the fix.

https://chatgpt.com/codex/tasks/task_b_684c29513b90832ea66f4215df35a943

@smola smola requested a review from a team as a code owner June 13, 2025 15:56

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@smola smola added type: bug Bug report and fix comp: asm iast Application Security Management (IAST) labels Jun 13, 2025
@smola smola changed the title Fix gRPC handler null superclass Fix IAST gRPC handler with null superclass Jun 13, 2025

pr-commenter bot commented Jun 13, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast
git_commit_date 1750674740 1750685175
git_commit_sha 8e58785 769fb64
release_version 1.51.0-SNAPSHOT~8e587850a2 1.51.0-SNAPSHOT~769fb64c58
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750686921 1750686921
ci_job_id 993479106 993479106
ci_pipeline_id 68464720 68464720
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-z-gvyqhn-project-304-concurrent-2-ovukh4b5 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-z-gvyqhn-project-304-concurrent-2-ovukh4b5 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 43 metrics, 10 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.031 s) : 0, 1030919
Total [baseline] (8.57 s) : 0, 8569916
Agent [candidate] (1.033 s) : 0, 1033419
Total [candidate] (8.586 s) : 0, 8585557
section iast
Agent [baseline] (1.152 s) : 0, 1152429
Total [baseline] (9.207 s) : 0, 9207469
Agent [candidate] (1.15 s) : 0, 1150373
Total [candidate] (9.195 s) : 0, 9195318
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.031 s -
Agent iast 1.152 s 121.509 ms (11.8%)
Total tracing 8.57 s -
Total iast 9.207 s 637.553 ms (7.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.033 s -
Agent iast 1.15 s 116.954 ms (11.3%)
Total tracing 8.586 s -
Total iast 9.195 s 609.761 ms (7.1%)
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (689.619 ms) : 0, 689619
BytebuddyAgent [candidate] (691.023 ms) : 0, 691023
GlobalTracer [baseline] (243.233 ms) : 0, 243233
GlobalTracer [candidate] (243.825 ms) : 0, 243825
AppSec [baseline] (60.502 ms) : 0, 60502
AppSec [candidate] (57.638 ms) : 0, 57638
Debugger [baseline] (6.205 ms) : 0, 6205
Debugger [candidate] (7.132 ms) : 0, 7132
Remote Config [baseline] (656.498 µs) : 0, 656
Remote Config [candidate] (675.526 µs) : 0, 676
Telemetry [baseline] (9.672 ms) : 0, 9672
Telemetry [candidate] (12.123 ms) : 0, 12123
section iast
BytebuddyAgent [baseline] (806.156 ms) : 0, 806156
BytebuddyAgent [candidate] (804.905 ms) : 0, 804905
GlobalTracer [baseline] (231.833 ms) : 0, 231833
GlobalTracer [candidate] (231.108 ms) : 0, 231108
AppSec [baseline] (53.863 ms) : 0, 53863
AppSec [candidate] (51.461 ms) : 0, 51461
Debugger [baseline] (5.931 ms) : 0, 5931
Debugger [candidate] (5.976 ms) : 0, 5976
Remote Config [baseline] (606.214 µs) : 0, 606
Remote Config [candidate] (606.277 µs) : 0, 606
Telemetry [baseline] (8.008 ms) : 0, 8008
Telemetry [candidate] (7.976 ms) : 0, 7976
IAST [baseline] (25.157 ms) : 0, 25157
IAST [candidate] (27.579 ms) : 0, 27579
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.029 s) : 0, 1028824
Total [baseline] (10.558 s) : 0, 10557966
Agent [candidate] (1.033 s) : 0, 1033388
Total [candidate] (10.661 s) : 0, 10660899
section appsec
Agent [baseline] (1.18 s) : 0, 1179633
Total [baseline] (10.795 s) : 0, 10794851
Agent [candidate] (1.195 s) : 0, 1194679
Total [candidate] (10.864 s) : 0, 10864380
section iast
Agent [baseline] (1.158 s) : 0, 1157639
Total [baseline] (10.896 s) : 0, 10895914
Agent [candidate] (1.158 s) : 0, 1158077
Total [candidate] (4.309 s) : 0, 4309488
section profiling
Agent [baseline] (1.268 s) : 0, 1267665
Total [baseline] (11.053 s) : 0, 11052510
Agent [candidate] (1.27 s) : 0, 1270108
Total [candidate] (10.894 s) : 0, 10894163
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.029 s -
Agent appsec 1.18 s 150.81 ms (14.7%)
Agent iast 1.158 s 128.816 ms (12.5%)
Agent profiling 1.268 s 238.841 ms (23.2%)
Total tracing 10.558 s -
Total appsec 10.795 s 236.886 ms (2.2%)
Total iast 10.896 s 337.949 ms (3.2%)
Total profiling 11.053 s 494.544 ms (4.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.033 s -
Agent appsec 1.195 s 161.291 ms (15.6%)
Agent iast 1.158 s 124.688 ms (12.1%)
Agent profiling 1.27 s 236.719 ms (22.9%)
Total tracing 10.661 s -
Total appsec 10.864 s 203.48 ms (1.9%)
Total iast 4.309 s -6.351 s (-59.6%)
Total profiling 10.894 s 233.263 ms (2.2%)
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.098 ms) : 0, 687098
BytebuddyAgent [candidate] (691.344 ms) : 0, 691344
GlobalTracer [baseline] (243.251 ms) : 0, 243251
GlobalTracer [candidate] (243.757 ms) : 0, 243757
AppSec [baseline] (58.798 ms) : 0, 58798
AppSec [candidate] (59.01 ms) : 0, 59010
Debugger [baseline] (6.973 ms) : 0, 6973
Debugger [candidate] (6.971 ms) : 0, 6971
Remote Config [baseline] (661.507 µs) : 0, 662
Remote Config [candidate] (1.455 ms) : 0, 1455
Telemetry [baseline] (11.031 ms) : 0, 11031
Telemetry [candidate] (9.804 ms) : 0, 9804
section appsec
BytebuddyAgent [baseline] (708.287 ms) : 0, 708287
BytebuddyAgent [candidate] (718.558 ms) : 0, 718558
GlobalTracer [baseline] (235.443 ms) : 0, 235443
GlobalTracer [candidate] (237.97 ms) : 0, 237970
AppSec [baseline] (179.385 ms) : 0, 179385
AppSec [candidate] (180.976 ms) : 0, 180976
Debugger [baseline] (5.816 ms) : 0, 5816
Debugger [candidate] (5.906 ms) : 0, 5906
Remote Config [baseline] (611.169 µs) : 0, 611
Remote Config [candidate] (621.835 µs) : 0, 622
Telemetry [baseline] (7.284 ms) : 0, 7284
Telemetry [candidate] (7.427 ms) : 0, 7427
IAST [baseline] (22.02 ms) : 0, 22020
IAST [candidate] (22.186 ms) : 0, 22186
section iast
BytebuddyAgent [baseline] (810.395 ms) : 0, 810395
BytebuddyAgent [candidate] (811.122 ms) : 0, 811122
GlobalTracer [baseline] (232.405 ms) : 0, 232405
GlobalTracer [candidate] (232.998 ms) : 0, 232998
AppSec [baseline] (50.91 ms) : 0, 50910
AppSec [candidate] (48.202 ms) : 0, 48202
Debugger [baseline] (6.03 ms) : 0, 6030
Debugger [candidate] (5.889 ms) : 0, 5889
Remote Config [baseline] (611.767 µs) : 0, 612
Remote Config [candidate] (621.728 µs) : 0, 622
Telemetry [baseline] (8.113 ms) : 0, 8113
Telemetry [candidate] (8.081 ms) : 0, 8081
IAST [baseline] (28.298 ms) : 0, 28298
IAST [candidate] (30.189 ms) : 0, 30189
section profiling
BytebuddyAgent [baseline] (675.285 ms) : 0, 675285
BytebuddyAgent [candidate] (676.094 ms) : 0, 676094
GlobalTracer [baseline] (360.546 ms) : 0, 360546
GlobalTracer [candidate] (360.803 ms) : 0, 360803
AppSec [baseline] (62.322 ms) : 0, 62322
AppSec [candidate] (62.341 ms) : 0, 62341
Debugger [baseline] (6.177 ms) : 0, 6177
Debugger [candidate] (6.099 ms) : 0, 6099
Remote Config [baseline] (714.285 µs) : 0, 714
Remote Config [candidate] (694.662 µs) : 0, 695
Telemetry [baseline] (8.232 ms) : 0, 8232
Telemetry [candidate] (8.102 ms) : 0, 8102
ProfilingAgent [baseline] (105.889 ms) : 0, 105889
ProfilingAgent [candidate] (107.189 ms) : 0, 107189
Profiling [baseline] (105.913 ms) : 0, 105913
Profiling [candidate] (107.214 ms) : 0, 107214

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast
git_commit_date 1750674740 1750685175
git_commit_sha 8e58785 769fb64
release_version 1.51.0-SNAPSHOT~8e587850a2 1.51.0-SNAPSHOT~769fb64c58
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750686708 1750686708
ci_job_id 993479107 993479107
ci_pipeline_id 68464720 68464720
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-4rcvxfax-project-304-concurrent-0-l071qenl 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-4rcvxfax-project-304-concurrent-0-l071qenl 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 4 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:profiling:high_load | worse [+193.887µs; +503.329µs] or [+2.263%; +5.874%] | unstable [-89.270op/s; +47.270op/s] or [-16.497%; +8.735%] | 8.918ms | 520.125op/s | 8.569ms | 541.125op/s |
| scenario:load:petclinic:code_origins:high_load | worse [+0.998ms; +1.781ms] or [+2.269%; +4.048%] | unstable [-11.531op/s; +2.364op/s] or [-10.707%; +2.195%] | 45.375ms | 103.112op/s | 43.986ms | 107.696op/s |
| scenario:load:petclinic:profiling:high_load | worse [+1.125ms; +2.149ms] or [+2.326%; +4.445%] | unstable [-11.080op/s; +2.306op/s] or [-11.309%; +2.353%] | 49.997ms | 93.588op/s | 48.360ms | 97.975op/s |
| scenario:load:petclinic:appsec:high_load | worse [+1.423ms; +2.283ms] or [+3.166%; +5.081%] | unstable [-12.471op/s; +1.710op/s] or [-11.827%; +1.621%] | 46.784ms | 100.062op/s | 44.931ms | 105.443op/s |
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (39.07 ms) : 38751, 39389
.   : milestone, 39070,
appsec (44.931 ms) : 44545, 45317
.   : milestone, 44931,
code_origins (43.986 ms) : 43630, 44342
.   : milestone, 43986,
iast (44.054 ms) : 43668, 44440
.   : milestone, 44054,
profiling (48.36 ms) : 47918, 48802
.   : milestone, 48360,
tracing (44.413 ms) : 44043, 44783
.   : milestone, 44413,
section candidate
no_agent (38.221 ms) : 37913, 38529
.   : milestone, 38221,
appsec (46.784 ms) : 46371, 47197
.   : milestone, 46784,
code_origins (45.375 ms) : 45005, 45746
.   : milestone, 45375,
iast (44.829 ms) : 44433, 45226
.   : milestone, 44829,
profiling (49.997 ms) : 49489, 50505
.   : milestone, 49997,
tracing (43.283 ms) : 42931, 43635
.   : milestone, 43283,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 39.07 ms [38.751 ms, 39.389 ms] -
appsec 44.931 ms [44.545 ms, 45.317 ms] 5.861 ms (15.0%)
code_origins 43.986 ms [43.63 ms, 44.342 ms] 4.916 ms (12.6%)
iast 44.054 ms [43.668 ms, 44.44 ms] 4.984 ms (12.8%)
profiling 48.36 ms [47.918 ms, 48.802 ms] 9.29 ms (23.8%)
tracing 44.413 ms [44.043 ms, 44.783 ms] 5.343 ms (13.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.221 ms [37.913 ms, 38.529 ms] -
appsec 46.784 ms [46.371 ms, 47.197 ms] 8.563 ms (22.4%)
code_origins 45.375 ms [45.005 ms, 45.746 ms] 7.154 ms (18.7%)
iast 44.829 ms [44.433 ms, 45.226 ms] 6.608 ms (17.3%)
profiling 49.997 ms [49.489 ms, 50.505 ms] 11.776 ms (30.8%)
tracing 43.283 ms [42.931 ms, 43.635 ms] 5.061 ms (13.2%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.413 ms) : 4364, 4463
.   : milestone, 4413,
iast (9.216 ms) : 9066, 9366
.   : milestone, 9216,
iast_FULL (13.932 ms) : 13660, 14205
.   : milestone, 13932,
iast_GLOBAL (9.966 ms) : 9787, 10145
.   : milestone, 9966,
profiling (8.569 ms) : 8429, 8710
.   : milestone, 8569,
tracing (7.899 ms) : 7776, 8022
.   : milestone, 7899,
section candidate
no_agent (4.359 ms) : 4309, 4408
.   : milestone, 4359,
iast (9.057 ms) : 8903, 9211
.   : milestone, 9057,
iast_FULL (13.916 ms) : 13639, 14193
.   : milestone, 13916,
iast_GLOBAL (10.119 ms) : 9937, 10301
.   : milestone, 10119,
profiling (8.918 ms) : 8771, 9065
.   : milestone, 8918,
tracing (7.866 ms) : 7746, 7985
.   : milestone, 7866,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.413 ms [4.364 ms, 4.463 ms] -
iast 9.216 ms [9.066 ms, 9.366 ms] 4.803 ms (108.8%)
iast_FULL 13.932 ms [13.66 ms, 14.205 ms] 9.519 ms (215.7%)
iast_GLOBAL 9.966 ms [9.787 ms, 10.145 ms] 5.552 ms (125.8%)
profiling 8.569 ms [8.429 ms, 8.71 ms] 4.156 ms (94.2%)
tracing 7.899 ms [7.776 ms, 8.022 ms] 3.485 ms (79.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.359 ms [4.309 ms, 4.408 ms] -
iast 9.057 ms [8.903 ms, 9.211 ms] 4.698 ms (107.8%)
iast_FULL 13.916 ms [13.639 ms, 14.193 ms] 9.557 ms (219.3%)
iast_GLOBAL 10.119 ms [9.937 ms, 10.301 ms] 5.76 ms (132.2%)
profiling 8.918 ms [8.771 ms, 9.065 ms] 4.559 ms (104.6%)
tracing 7.866 ms [7.746 ms, 7.985 ms] 3.507 ms (80.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast
git_commit_date 1750674740 1750685175
git_commit_sha 8e58785 769fb64
release_version 1.51.0-SNAPSHOT~8e587850a2 1.51.0-SNAPSHOT~769fb64c58
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1750687311 1750687311
ci_job_id 993479108 993479108
ci_pipeline_id 68464720 68464720
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-z-gvyqhn-project-304-concurrent-3-e85qo3mz 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-z-gvyqhn-project-304-concurrent-3-e85qo3mz 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.287 s) : 15287000, 15287000
.   : milestone, 15287000,
appsec (14.801 s) : 14801000, 14801000
.   : milestone, 14801000,
iast (18.878 s) : 18878000, 18878000
.   : milestone, 18878000,
iast_GLOBAL (18.141 s) : 18141000, 18141000
.   : milestone, 18141000,
profiling (15.438 s) : 15438000, 15438000
.   : milestone, 15438000,
tracing (14.792 s) : 14792000, 14792000
.   : milestone, 14792000,
section candidate
no_agent (15.102 s) : 15102000, 15102000
.   : milestone, 15102000,
appsec (14.85 s) : 14850000, 14850000
.   : milestone, 14850000,
iast (18.373 s) : 18373000, 18373000
.   : milestone, 18373000,
iast_GLOBAL (18.143 s) : 18143000, 18143000
.   : milestone, 18143000,
profiling (15.376 s) : 15376000, 15376000
.   : milestone, 15376000,
tracing (14.802 s) : 14802000, 14802000
.   : milestone, 14802000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.287 s [15.287 s, 15.287 s] -
appsec 14.801 s [14.801 s, 14.801 s] -486.0 ms (-3.2%)
iast 18.878 s [18.878 s, 18.878 s] 3.591 s (23.5%)
iast_GLOBAL 18.141 s [18.141 s, 18.141 s] 2.854 s (18.7%)
profiling 15.438 s [15.438 s, 15.438 s] 151.0 ms (1.0%)
tracing 14.792 s [14.792 s, 14.792 s] -495.0 ms (-3.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.102 s [15.102 s, 15.102 s] -
appsec 14.85 s [14.85 s, 14.85 s] -252.0 ms (-1.7%)
iast 18.373 s [18.373 s, 18.373 s] 3.271 s (21.7%)
iast_GLOBAL 18.143 s [18.143 s, 18.143 s] 3.041 s (20.1%)
profiling 15.376 s [15.376 s, 15.376 s] 274.0 ms (1.8%)
tracing 14.802 s [14.802 s, 14.802 s] -300.0 ms (-2.0%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~769fb64c58, baseline=1.51.0-SNAPSHOT~8e587850a2
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.472 ms) : 1461, 1484
.   : milestone, 1472,
appsec (2.399 ms) : 2351, 2448
.   : milestone, 2399,
iast (2.19 ms) : 2128, 2252
.   : milestone, 2190,
iast_GLOBAL (2.228 ms) : 2166, 2290
.   : milestone, 2228,
profiling (2.044 ms) : 1993, 2094
.   : milestone, 2044,
tracing (2.009 ms) : 1962, 2057
.   : milestone, 2009,
section candidate
no_agent (1.476 ms) : 1464, 1488
.   : milestone, 1476,
appsec (2.394 ms) : 2345, 2442
.   : milestone, 2394,
iast (2.085 ms) : 2029, 2140
.   : milestone, 2085,
iast_GLOBAL (2.136 ms) : 2081, 2192
.   : milestone, 2136,
profiling (2.028 ms) : 1977, 2078
.   : milestone, 2028,
tracing (2.004 ms) : 1956, 2052
.   : milestone, 2004,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.461 ms, 1.484 ms] -
appsec 2.399 ms [2.351 ms, 2.448 ms] 927.277 µs (63.0%)
iast 2.19 ms [2.128 ms, 2.252 ms] 717.927 µs (48.8%)
iast_GLOBAL 2.228 ms [2.166 ms, 2.29 ms] 756.008 µs (51.4%)
profiling 2.044 ms [1.993 ms, 2.094 ms] 571.665 µs (38.8%)
tracing 2.009 ms [1.962 ms, 2.057 ms] 537.069 µs (36.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.488 ms] -
appsec 2.394 ms [2.345 ms, 2.442 ms] 917.824 µs (62.2%)
iast 2.085 ms [2.029 ms, 2.14 ms] 608.641 µs (41.2%)
iast_GLOBAL 2.136 ms [2.081 ms, 2.192 ms] 660.16 µs (44.7%)
profiling 2.028 ms [1.977 ms, 2.078 ms] 551.573 µs (37.4%)
tracing 2.004 ms [1.956 ms, 2.052 ms] 527.806 µs (35.8%)

@PerfectSlayer PerfectSlayer added tag: ai generated Largely based on code generated by an AI or LLM and removed codex labels Jun 13, 2025
@smola smola force-pushed the codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast branch from 9454dfe to 769fb64 Compare June 23, 2025 13:26
@smola smola merged commit b108696 into master Jun 23, 2025
484 checks passed
@smola smola deleted the codex/find-and-fix-critical-bug-in-dd-java-agent/agent-iast branch June 23, 2025 14:53
@github-actions github-actions bot added this to the 1.51.0 milestone Jun 23, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
| [org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/) ([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.17.0` -> `3.18.0` |
| [org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` -> `0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

###
[`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0):
Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the
Central Publisher
Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog:
google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator
(org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

###
[`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare
Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB
dump validation
\[[#304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0):
1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site
([#9083](DataDog/dd-trace-java#9083) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST
vulnerabilities
([#9028](DataDog/dd-trace-java#9028) -
[@jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass
([#8984](DataDog/dd-trace-java#8984) -
[@smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection
([#8885](DataDog/dd-trace-java#8885) -
[@jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0
([#9022](DataDog/dd-trace-java#9022) -
[@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas
([#9015](DataDog/dd-trace-java#9015) -
[@jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas
([#9014](DataDog/dd-trace-java#9014) -
[@jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas
([#9013](DataDog/dd-trace-java#9013) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading
([#9009](DataDog/dd-trace-java#9009) -
[@smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas
([#9001](DataDog/dd-trace-java#9001) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas
([#8995](DataDog/dd-trace-java#8995) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema
extraction
([#8980](DataDog/dd-trace-java#8980) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas
([#8938](DataDog/dd-trace-java#8938) -
[@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update
([#8937](DataDog/dd-trace-java#8937) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push
([#9023](DataDog/dd-trace-java#9023) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal
([#8807](DataDog/dd-trace-java#8807) -
[@sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24
([#9114](DataDog/dd-trace-java#9114) -
[@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation
([#9033](DataDog/dd-trace-java#9033) -
[@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building
([#8990](DataDog/dd-trace-java#8990) -
[@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic
([#8923](DataDog/dd-trace-java#8923) -
[@daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection
([#8776](DataDog/dd-trace-java#8776) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block
([#9025](DataDog/dd-trace-java#9025) -
[@natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option
([#9115](DataDog/dd-trace-java#9115) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support
([#9111](DataDog/dd-trace-java#9111) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format
([#9047](DataDog/dd-trace-java#9047) -
[@jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting
([#9034](DataDog/dd-trace-java#9034) -
[@jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval
([#8959](DataDog/dd-trace-java#8959) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation
([#8940](DataDog/dd-trace-java#8940) -
[@jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang),
[@nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not
available at bootstrap
([#9082](DataDog/dd-trace-java#9082) -
[@amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors
([#8394](DataDog/dd-trace-java#8394) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component
([#9071](DataDog/dd-trace-java#9071) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing
([#9119](DataDog/dd-trace-java#9119) -
[@jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF
([#8988](DataDog/dd-trace-java#8988) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers
([#9110](DataDog/dd-trace-java#9110) -
[@PerfectSlayer](https://github.com/PerfectSlayer)
[@amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping
([#9045](DataDog/dd-trace-java#9045) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24)
([#8875](DataDog/dd-trace-java#8875) -
[@sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when
`TracePropagationBehaviorExtract=IGNORE`
([#9037](DataDog/dd-trace-java#9037) -
[@mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper
([#9032](DataDog/dd-trace-java#9032) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors
([#9097](DataDog/dd-trace-java#9097) -
[@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling
for Http Response headers
([#9067](DataDog/dd-trace-java#9067) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations
([#9019](DataDog/dd-trace-java#9019) -
[@mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas
([#9001](DataDog/dd-trace-java#9001) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x
([#8952](DataDog/dd-trace-java#8952) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default
([#9030](DataDog/dd-trace-java#9030) -
[@bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas
([#9014](DataDog/dd-trace-java#9014) -
[@jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active
([#9016](DataDog/dd-trace-java#9016) -
[@amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas
([#8995](DataDog/dd-trace-java#8995) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas
([#9013](DataDog/dd-trace-java#9013) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas
([#8938](DataDog/dd-trace-java#8938) -
[@sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e
@bm1549 bm1549 added the AI Generated Largely based on code generated by an AI or LLM. This label is the same across all dd-trace-* repos label Oct 17, 2025