Extended appsec request/response headers collection #8724
Benchmarks

Startup

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 57 metrics, 14 unstable metrics.

[Gantt charts: startup time reports for petclinic and insecure-bank (global startup overhead and break down per module); candidate=1.50.0-SNAPSHOT~1989174a13, baseline=1.50.0-SNAPSHOT~0f42e0a463]
Load

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

[Gantt charts: request duration reports [CI 0.99] for insecure-bank and petclinic; candidate=1.50.0-SNAPSHOT~1989174a13, baseline=1.50.0-SNAPSHOT~0f42e0a463]
Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

[Gantt charts: execution time [CI 0.99] for tomcat and biojava; candidate=1.50.0-SNAPSHOT~1989174a13, baseline=1.50.0-SNAPSHOT~0f42e0a463]
writeRequestHeaders(traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders()); | ||
writeResponseHeaders(traceSeg, RESPONSE_HEADERS_ALLOW_LIST, ctx.getResponseHeaders()); | ||
boolean collectAll = | ||
Config.get().isAppSecCollectAllHeaders() |
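Review bot: `collectAll` on the last lines of this hunk is derived from `Config.get().isAppSecCollectAllHeaders()`, but the rest of the expression is not visible here, so a reader cannot tell from the code alone when extended collection is actually on. If the condition also depends on the redaction flag, add a one-line comment above `boolean collectAll =` stating that nothing beyond the allow list is collected while redaction is enabled, since the description says that flag is true by default. Resolving the flag once into a field instead of calling `Config.get()` on the request path would also keep the per-request code to a plain boolean check.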
Adds the `DD_APPSEC_HEADER_COLLECTION_REDACTION_ENABLED` flag, which enables header redaction. This feature is true by default. (The redaction is out of scope; right now we only want to collect the headers without redaction.)
So can we also clarify in the PR description that, right now, if redaction is enabled, we do not collect headers at all?
Yes! I'm going to clarify this. Until a new RFC establishes how to deal with redaction in those cases, we prefer to avoid collection of potentially sensitive data. So, long story short, to enable this feature we need `DD_APPSEC_COLLECT_ALL_HEADERS` = true and `DD_APPSEC_HEADER_COLLECTION_REDACTION_ENABLED` = false
dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java
…ig.java Co-authored-by: Santiago M. Mola <santiago.mola@datadoghq.com>
What Does This Do

- Adds the `DD_APPSEC_COLLECT_ALL_HEADERS` flag, which enables collection of all request and response headers. This feature is disabled by default.
- Adds the `DD_APPSEC_HEADER_COLLECTION_REDACTION_ENABLED` flag, which enables header redaction. This feature is true by default. (The redaction is out of scope; right now we only want to collect the headers without redaction.)
- To enable this feature we need `DD_APPSEC_COLLECT_ALL_HEADERS` = true and `DD_APPSEC_HEADER_COLLECTION_REDACTION_ENABLED` = false (a future RFC should establish how to deal with redaction).
- Introduces the `DD_APPSEC_MAX_COLLECTED_HEADERS` setting to limit the maximum number of headers collected.
- Updates the writeHeaders logic to collect all headers when `DD_APPSEC_COLLECT_ALL_HEADERS` is enabled. Allowed headers are prioritized and must be collected if present.
- If the number of headers exceeds `DD_APPSEC_MAX_COLLECTED_HEADERS`, the following tags are added to the span indicating the number of discarded headers:
  - `dd.appsec.request.header_collection.discarded`
  - `dd.appsec.response.header_collection.discarded`

Motivation
Additional Notes
RFC
Contributor Checklist
- `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-57269