Prevents a NPE when there is no subscriber for user events #8258

Merged
merged 1 commit into from
Jan 21, 2025

@manuel-alvarez-alvarez (Member) commented Jan 21, 2025

What Does This Do

Prevents a NPE reported by a customer when a user login action is triggered and no callbacks have been subscribed for the user event.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-56463

@manuel-alvarez-alvarez added the `type: bug` and `comp: asm waf` (Application Security Management (WAF)) labels Jan 21, 2025
@manuel-alvarez-alvarez requested a review from a team as a code owner January 21, 2025 09:07

pr-commenter bot commented Jan 21, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/asm-fix-npe-spring-security |
| git_commit_date | 1737449112 | 1737450204 |
| git_commit_sha | b63b852 | 4f83a4c |
| release_version | 1.46.0-SNAPSHOT~b63b852c6d | 1.46.0-SNAPSHOT~4f83a4ccf4 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1737452606 | 1737452606 |
| ci_job_id | 773499702 | 773499702 |
| ci_pipeline_id | 53524426 | 53524426 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.053 s | - |
| Agent | iast | 1.181 s | 128.344 ms (12.2%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.192 s | 138.575 ms (13.2%) |
| Agent | iast_TELEMETRY_OFF | 1.18 s | 126.568 ms (12.0%) |
| Total | tracing | 8.613 s | - |
| Total | iast | 9.209 s | 595.866 ms (6.9%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.233 s | 620.524 ms (7.2%) |
| Total | iast_TELEMETRY_OFF | 9.247 s | 634.586 ms (7.4%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.056 s | - |
| Agent | iast | 1.184 s | 127.751 ms (12.1%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.19 s | 133.609 ms (12.6%) |
| Agent | iast_TELEMETRY_OFF | 1.181 s | 124.293 ms (11.8%) |
| Total | tracing | 8.607 s | - |
| Total | iast | 9.229 s | 621.394 ms (7.2%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.186 s | 578.519 ms (6.7%) |
| Total | iast_TELEMETRY_OFF | 9.208 s | 601.109 ms (7.0%) |
insecure-bank - break down per module: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 713.091 ms | 714.034 ms |
| tracing | GlobalTracer | 255.203 ms | 255.373 ms |
| tracing | AppSec | 56.239 ms | 57.716 ms |
| tracing | Remote Config | 737.401 µs | 742.755 µs |
| tracing | Telemetry | 12.899 ms | 13.521 ms |
| iast | BytebuddyAgent | 831.53 ms | 833.303 ms |
| iast | GlobalTracer | 246.154 ms | 246.542 ms |
| iast | AppSec | 57.971 ms | 58.124 ms |
| iast | IAST | 21.326 ms | 21.581 ms |
| iast | Remote Config | 674.897 µs | 687.274 µs |
| iast | Telemetry | 8.771 ms | 8.83 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 838.229 ms | 837.39 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 248.243 ms | 247.97 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 58.602 ms | 58.248 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 21.86 ms | 21.68 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 743.739 µs | 689.405 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 8.903 ms | 8.794 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 829.35 ms | 830.299 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 246.51 ms | 246.835 ms |
| iast_TELEMETRY_OFF | AppSec | 58.249 ms | 57.946 ms |
| iast_TELEMETRY_OFF | IAST | 21.09 ms | 21.095 ms |
| iast_TELEMETRY_OFF | Remote Config | 682.813 µs | 700.202 µs |
| iast_TELEMETRY_OFF | Telemetry | 8.747 ms | 8.651 ms |

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: tracing, appsec, iast, profiling]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.055 s | - |
| Agent | appsec | 1.187 s | 131.844 ms (12.5%) |
| Agent | iast | 1.183 s | 127.946 ms (12.1%) |
| Agent | profiling | 1.254 s | 198.639 ms (18.8%) |
| Total | tracing | 10.525 s | - |
| Total | appsec | 10.745 s | 219.912 ms (2.1%) |
| Total | iast | 11.026 s | 501.098 ms (4.8%) |
| Total | profiling | 10.819 s | 294.54 ms (2.8%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.052 s | - |
| Agent | appsec | 1.188 s | 135.728 ms (12.9%) |
| Agent | iast | 1.19 s | 138.078 ms (13.1%) |
| Agent | profiling | 1.264 s | 212.119 ms (20.2%) |
| Total | tracing | 10.424 s | - |
| Total | appsec | 10.74 s | 315.87 ms (3.0%) |
| Total | iast | 10.98 s | 555.747 ms (5.3%) |
| Total | profiling | 10.866 s | 442.072 ms (4.2%) |
petclinic - break down per module: candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 714.44 ms | 714.176 ms |
| tracing | GlobalTracer | 255.446 ms | 255.395 ms |
| tracing | AppSec | 56.936 ms | 55.386 ms |
| tracing | Remote Config | 745.918 µs | 735.191 µs |
| tracing | Telemetry | 12.794 ms | 11.423 ms |
| appsec | BytebuddyAgent | 729.867 ms | 730.518 ms |
| appsec | GlobalTracer | 252.707 ms | 252.77 ms |
| appsec | AppSec | 171.063 ms | 170.929 ms |
| appsec | IAST | 19.363 ms | 19.429 ms |
| appsec | Remote Config | 656.415 µs | 667.348 µs |
| appsec | Telemetry | 8.176 ms | 8.164 ms |
| iast | BytebuddyAgent | 831.958 ms | 837.503 ms |
| iast | GlobalTracer | 247.168 ms | 247.764 ms |
| iast | AppSec | 58.367 ms | 58.492 ms |
| iast | IAST | 21.251 ms | 21.724 ms |
| iast | Remote Config | 670.088 µs | 691.87 µs |
| iast | Telemetry | 8.78 ms | 8.843 ms |
| profiling | BytebuddyAgent | 702.734 ms | 709.397 ms |
| profiling | GlobalTracer | 348.924 ms | 352.66 ms |
| profiling | AppSec | 54.854 ms | 54.216 ms |
| profiling | Remote Config | 721.165 µs | 709.633 µs |
| profiling | Telemetry | 8.744 ms | 8.74 ms |
| profiling | ProfilingAgent | 96.048 ms | 96.156 ms |
| profiling | Profiling | 96.071 ms | 96.182 ms |

Load

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2025-01-21T09:13:24 | 2025-01-21T09:20:28 |
| git_branch | master | malvarez/asm-fix-npe-spring-security |
| git_commit_date | 1737449112 | 1737450204 |
| git_commit_sha | b63b852 | 4f83a4c |
| release_version | 1.46.0-SNAPSHOT~b63b852c6d | 1.46.0-SNAPSHOT~4f83a4ccf4 |
| start_time | 2025-01-21T09:13:10 | 2025-01-21T09:20:14 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1737451587 | 1737451587 |
| ci_job_id | 773499704 | 773499704 |
| ci_pipeline_id | 53524426 | 53524426 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: baseline, candidate]
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.353 ms [1.333 ms, 1.373 ms] | - |
| appsec | 1.743 ms [1.719 ms, 1.767 ms] | 389.933 µs (28.8%) |
| appsec_no_iast | 1.756 ms [1.73 ms, 1.781 ms] | 402.134 µs (29.7%) |
| iast | 1.527 ms [1.503 ms, 1.55 ms] | 173.269 µs (12.8%) |
| profiling | 1.52 ms [1.497 ms, 1.544 ms] | 167.125 µs (12.3%) |
| tracing | 1.485 ms [1.46 ms, 1.51 ms] | 131.843 µs (9.7%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.364 ms [1.345 ms, 1.384 ms] | - |
| appsec | 1.751 ms [1.727 ms, 1.774 ms] | 386.503 µs (28.3%) |
| appsec_no_iast | 1.75 ms [1.725 ms, 1.774 ms] | 385.075 µs (28.2%) |
| iast | 1.517 ms [1.493 ms, 1.542 ms] | 152.752 µs (11.2%) |
| profiling | 1.558 ms [1.533 ms, 1.583 ms] | 193.65 µs (14.2%) |
| tracing | 1.494 ms [1.469 ms, 1.519 ms] | 129.6 µs (9.5%) |

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: baseline, candidate]
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 383.17 µs [363.182 µs, 403.159 µs] | - |
| iast | 505.508 µs [483.514 µs, 527.502 µs] | 122.338 µs (31.9%) |
| iast_FULL | 750.091 µs [728.058 µs, 772.124 µs] | 366.921 µs (95.8%) |
| iast_GLOBAL | 553.742 µs [532.311 µs, 575.173 µs] | 170.572 µs (44.5%) |
| iast_HARDCODED_SECRET_DISABLED | 507.199 µs [485.763 µs, 528.635 µs] | 124.029 µs (32.4%) |
| iast_INACTIVE | 459.417 µs [437.8 µs, 481.033 µs] | 76.246 µs (19.9%) |
| iast_TELEMETRY_OFF | 496.896 µs [475.384 µs, 518.407 µs] | 113.726 µs (29.7%) |
| tracing | 454.372 µs [433.472 µs, 475.272 µs] | 71.202 µs (18.6%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 385.776 µs [365.166 µs, 406.386 µs] | - |
| iast | 506.176 µs [484.412 µs, 527.94 µs] | 120.4 µs (31.2%) |
| iast_FULL | 749.888 µs [727.656 µs, 772.12 µs] | 364.112 µs (94.4%) |
| iast_GLOBAL | 556.21 µs [534.218 µs, 578.203 µs] | 170.434 µs (44.2%) |
| iast_HARDCODED_SECRET_DISABLED | 511.187 µs [488.897 µs, 533.478 µs] | 125.411 µs (32.5%) |
| iast_INACTIVE | 458.174 µs [436.761 µs, 479.587 µs] | 72.398 µs (18.8%) |
| iast_TELEMETRY_OFF | 496.514 µs [474.927 µs, 518.1 µs] | 110.738 µs (28.7%) |
| tracing | 456.414 µs [435.276 µs, 477.553 µs] | 70.639 µs (18.3%) |

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/asm-fix-npe-spring-security |
| git_commit_date | 1737449112 | 1737450204 |
| git_commit_sha | b63b852 | 4f83a4c |
| release_version | 1.46.0-SNAPSHOT~b63b852c6d | 1.46.0-SNAPSHOT~4f83a4ccf4 |

See matching parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1737452279 | 1737452279 |
| ci_job_id | 773499705 | 773499705 |
| ci_pipeline_id | 53524426 | 53524426 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.472 ms [1.46 ms, 1.483 ms] | - |
| appsec | 2.352 ms [2.309 ms, 2.395 ms] | 879.956 µs (59.8%) |
| iast | 2.093 ms [2.039 ms, 2.147 ms] | 621.245 µs (42.2%) |
| iast_GLOBAL | 2.135 ms [2.081 ms, 2.19 ms] | 663.835 µs (45.1%) |
| profiling | 1.959 ms [1.915 ms, 2.002 ms] | 487.036 µs (33.1%) |
| tracing | 1.94 ms [1.898 ms, 1.982 ms] | 468.566 µs (31.8%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.469 ms [1.458 ms, 1.481 ms] | - |
| appsec | 2.351 ms [2.309 ms, 2.394 ms] | 882.346 µs (60.1%) |
| iast | 2.094 ms [2.04 ms, 2.149 ms] | 625.37 µs (42.6%) |
| iast_GLOBAL | 2.13 ms [2.075 ms, 2.184 ms] | 660.597 µs (45.0%) |
| profiling | 1.962 ms [1.918 ms, 2.007 ms] | 493.132 µs (33.6%) |
| tracing | 1.929 ms [1.888 ms, 1.971 ms] | 460.31 µs (31.3%) |

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~4f83a4ccf4, baseline=1.46.0-SNAPSHOT~b63b852c6d; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.999 s [14.999 s, 14.999 s] | - |
| appsec | 14.977 s [14.977 s, 14.977 s] | -22.0 ms (-0.1%) |
| iast | 18.836 s [18.836 s, 18.836 s] | 3.837 s (25.6%) |
| iast_GLOBAL | 17.895 s [17.895 s, 17.895 s] | 2.896 s (19.3%) |
| profiling | 15.079 s [15.079 s, 15.079 s] | 80.0 ms (0.5%) |
| tracing | 14.962 s [14.962 s, 14.962 s] | -37.0 ms (-0.2%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.226 s [15.226 s, 15.226 s] | - |
| appsec | 15.159 s [15.159 s, 15.159 s] | -67.0 ms (-0.4%) |
| iast | 19.032 s [19.032 s, 19.032 s] | 3.806 s (25.0%) |
| iast_GLOBAL | 18.2 s [18.2 s, 18.2 s] | 2.974 s (19.5%) |
| profiling | 14.944 s [14.944 s, 14.944 s] | -282.0 ms (-1.9%) |
| tracing | 15.049 s [15.049 s, 15.049 s] | -177.0 ms (-1.2%) |

@manuel-alvarez-alvarez changed the title from "Fix NPE when there is no subscriber for user events" to "Prevents NPE when there is no subscriber for user events" Jan 21, 2025
@manuel-alvarez-alvarez changed the title from "Prevents NPE when there is no subscriber for user events" to "Prevents a NPE when there is no subscriber for user events" Jan 21, 2025
@manuel-alvarez-alvarez merged commit 1999e2b into master Jan 21, 2025
178 of 180 checks passed
@manuel-alvarez-alvarez deleted the malvarez/asm-fix-npe-spring-security branch January 21, 2025 09:54
@github-actions bot added this to the 1.46.0 milestone Jan 21, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jan 31, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.25.4` -> `2.26.0` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.45.2` -> `1.46.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.30.9` -> `2.30.10` |

---

### Release Notes

<details>
<summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary>

### [`v2.26.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2260-2025-01-29)

##### Features

- Add firestoreInDatastoreMode for datastore emulator ([#1698](googleapis/java-datastore#1698)) ([50f106d](googleapis/java-datastore@50f106d))

##### Dependencies

- Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 ([#1725](googleapis/java-datastore#1725)) ([1cbaf22](googleapis/java-datastore@1cbaf22))

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.46.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.46.0): 1.46.0

##### Breaking Changes

> \[!WARNING]
> jnr-unixsocket is now an external dependency of dd-trace-ot and must be included when deploying dd-trace-ot.

> \[!NOTE]
> The API `TracerScope.setAsync(boolean)`, used to manually control asynchronous span propagation, does no more apply to the scope instance but to the active span scope.

##### Components

##### Application Security Management (IAST)

- 🐛 Fix String.replace instrumentation for IAST ([#8281](DataDog/dd-trace-java#8281) - [@Mariovido](https://github.com/Mariovido))
- ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996))
- 🐛 Exclude false positive weak randomness ([#8232](DataDog/dd-trace-java#8232) - [@jandro996](https://github.com/jandro996))
- ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Add security control metrics ([#8175](DataDog/dd-trace-java#8175) - [@jandro996](https://github.com/jandro996))
- ✨ Increase IAST propagation to StringBuffer setLength ([#8128](DataDog/dd-trace-java#8128) - [@Mariovido](https://github.com/Mariovido))
- ✨ Add IAST taint tracking for DB values ([#8072](DataDog/dd-trace-java#8072) - [@Mariovido](https://github.com/Mariovido))

##### Application Security Management (WAF)

- 🐛 Prevents a NPE when there is no subscriber for user events ([#8258](DataDog/dd-trace-java#8258) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Apply the standard nomenclature to the stacktrace configs ([#8244](DataDog/dd-trace-java#8244) - [@jandro996](https://github.com/jandro996))
- 🐛 Ensure cached subscriptions are cleared on reconfiguration via RC ([#8229](DataDog/dd-trace-java#8229) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Create span tag: \_dd.appsec.rasp.timeout ([#8269](DataDog/dd-trace-java#8269) - [@Mariovido](https://github.com/Mariovido))

##### Build & Tooling

- 🐛 Ensure shaded helpers have unique names when injected into class-loaders ([#8192](DataDog/dd-trace-java#8192) - [@mcculls](https://github.com/mcculls))

##### Configuration at Runtime

- 🐛 Remove filtering of `DD_SERVICE` and `DD_ENV` from the tracer ([#8176](DataDog/dd-trace-java#8176) - [@mhlidd](https://github.com/mhlidd))

##### Continuous Integration Visibility

- 🧹 Generalize TestRetryPolicy to TestExecutionPolicy ([#8302](DataDog/dd-trace-java#8302) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Parallelize CI Visibility settings requests ([#8299](DataDog/dd-trace-java#8299) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Generalize test retry logic ([#8289](DataDog/dd-trace-java#8289) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Generalize tests skipping logic ([#8288](DataDog/dd-trace-java#8288) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🧹 Remove skip and shouldBeSkipped methods from TestEventsHandler in favor of isSkippable ([#8286](DataDog/dd-trace-java#8286) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨⚡ Optimize Git repository information computation ([#8270](DataDog/dd-trace-java#8270) - [@dougqh](https://github.com/dougqh))
- ✨ Always request known tests from the backend ([#8268](DataDog/dd-trace-java#8268) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Fix NPE when trying to get retry analyzer in Test NG ([#8253](DataDog/dd-trace-java#8253) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Set test framework and test framework version tags atomically ([#8252](DataDog/dd-trace-java#8252) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add debug logging to Android Gradle module layout logic ([#8251](DataDog/dd-trace-java#8251) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- 🐛 Fix source and destination folders computation for Android Gradle projects ([#8190](DataDog/dd-trace-java#8190) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add basic Scala Weaver sbt support ([#8189](DataDog/dd-trace-java#8189) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Implement impacted tests detection ([#8188](DataDog/dd-trace-java#8188) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

##### Data Streams Monitoring

- ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr))

##### Database Monitoring

- Add peer service tag in dbm sql commenter ([#7913](DataDog/dd-trace-java#7913) - [@jordan-wong](https://github.com/jordan-wong))

##### Dynamic Instrumentation

- ✨ Add support for SymDB to scan directories ([#8306](DataDog/dd-trace-java#8306) - [@jpbempel](https://github.com/jpbempel))
- ✨ Add SymDB report for any jar scanning failures ([#8300](DataDog/dd-trace-java#8300) - [@jpbempel](https://github.com/jpbempel))
- ✨ Use two budgets depending on type ([#8283](DataDog/dd-trace-java#8283) - [@evanchooly](https://github.com/evanchooly))
- ✨ Institute a 10 snapshot per probe per trace budget ([#8277](DataDog/dd-trace-java#8277) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Avoid double snapshots for Exception Replay ([#8273](DataDog/dd-trace-java#8273) - [@jpbempel](https://github.com/jpbempel))
- ✨ Simplify code origins. Separate out snapshot generation. ([#8263](DataDog/dd-trace-java#8263) - [@evanchooly](https://github.com/evanchooly))
- ✨ Add Exception probe custom instrumentation ([#8230](DataDog/dd-trace-java#8230) - [@jpbempel](https://github.com/jpbempel))
- ✨ Enhance log probes to honor debug session tags ([#8215](DataDog/dd-trace-java#8215) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Don't redact env tokens from debugger probe snapshots ([#8211](DataDog/dd-trace-java#8211) - [@watson](https://github.com/watson))
- ✨⚡ Move Trace/SpanId capture at commit time ([#8184](DataDog/dd-trace-java#8184) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Capture values at entry for method probe ([#8169](DataDog/dd-trace-java#8169) - [@jpbempel](https://github.com/jpbempel))

##### JMX fetch

- 🐛 Mute JMXFetch Shutdown in progress error ([#8068](DataDog/dd-trace-java#8068) - [@ygree](https://github.com/ygree))

##### OpenTracing

- ⚠️🧹 Make jnr-unixsocket an explicit dependency of dd-trace-ot ([#8307](DataDog/dd-trace-java#8307) - [@mcculls](https://github.com/mcculls))

##### Profiling

- 🐛 Avoid unsupported API call for creating folders on windows ([#8304](DataDog/dd-trace-java#8304) - [@jbachorik](https://github.com/jbachorik))
- ✨ Tag profiles for serverless ([#8279](DataDog/dd-trace-java#8279) - [@jbachorik](https://github.com/jbachorik))
- ✨ add queue type and length to queue events ([#8242](DataDog/dd-trace-java#8242) - [@richardstartin](https://github.com/richardstartin))
- 🐛 TempLocationManager Fixes and Improvements ([#8191](DataDog/dd-trace-java#8191) - [@jbachorik](https://github.com/jbachorik))
- ✨ Bump ddprof to 1.18.0 ([#8173](DataDog/dd-trace-java#8173) - [@jbachorik](https://github.com/jbachorik))
- ✨ Report profiler initialization and configuration errors to telemetry ([#8171](DataDog/dd-trace-java#8171) - [@jbachorik](https://github.com/jbachorik))

##### Telemetry

- ✨ Add pending traces report in tracer flares ([#8053](DataDog/dd-trace-java#8053) - [@mhlidd](https://github.com/mhlidd))

##### Testing

- ✨ Test http server requests in parallel ([#8222](DataDog/dd-trace-java#8222) - [@amarziali](https://github.com/amarziali))

##### Trace context propagation

- ✨ Add non default propagator registration ([#8310](DataDog/dd-trace-java#8310) - [@PerfectSlayer](https://github.com/PerfectSlayer))

##### Tracer core

- ✨ Probe for existence of IBMSASL or ACCP security providers ([#8276](DataDog/dd-trace-java#8276) - [@mcculls](https://github.com/mcculls))
- ✨⚡ Overhead improvement to agent feedback based sampling ([#8265](DataDog/dd-trace-java#8265) - [@dougqh](https://github.com/dougqh))
- 🧹 Move async propagation API from scope to tracer ([#8231](DataDog/dd-trace-java#8231) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Introduce context propagation API ([#8161](DataDog/dd-trace-java#8161) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨🧪 Use env-entry to add tags per webapp deployment ([#8138](DataDog/dd-trace-java#8138) - [@amarziali](https://github.com/amarziali))
- ✨ Introduce context helpers API ([#8134](DataDog/dd-trace-java#8134) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Support IPv6 values for `DD_AGENT_HOST` and `DD_TRACE_AGENT_URL` ([#7984](DataDog/dd-trace-java#7984) - [@mhlidd](https://github.com/mhlidd))

##### Instrumentations

##### Apache HttpComponents

- 🐛 Properly finish spans and support latest apache httpclient5 ([#8272](DataDog/dd-trace-java#8272) - [@amarziali](https://github.com/amarziali))

##### AWS Lambda instrumentation

- 🐛 Properly capture lambda payloads for all handler types. ([#8264](DataDog/dd-trace-java#8264) - [@purple4reina](https://github.com/purple4reina))

##### AWS S3 instrumentation

- 💡 Create S3 instrumentation + add span pointers ([#8075](DataDog/dd-trace-java#8075) - [@nhulston](https://github.com/nhulston))

##### AWS SDK instrumentation

- 🐛 Revert "Add avoid double instrumenting lambda non-streaming handlers." ([#8247](DataDog/dd-trace-java#8247) - [@nhulston](https://github.com/nhulston))

##### Cassandra

- ✨ Allow extracting keyspace from statement result ([#8239](DataDog/dd-trace-java#8239) - [@amarziali](https://github.com/amarziali))

##### Core Java language instrumentation

- ✨ Propagation of translateEscapes of String class ([#8186](DataDog/dd-trace-java#8186) - [@sezen-datadog](https://github.com/sezen-datadog))

##### Eclipse Vert.x instrumentation

- 🐛 Fix vertx worker propagation and error handling ([#8237](DataDog/dd-trace-java#8237) - [@amarziali](https://github.com/amarziali))
- ✨ Support vertx 5 ([#8220](DataDog/dd-trace-java#8220) - [@amarziali](https://github.com/amarziali))
- ✨ Add support for session tracking in Vertx ([#8167](DataDog/dd-trace-java#8167) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

##### Kafka instrumentation

- 🐛 Prevent possible NPE calculating Kafka record header size ([#8292](DataDog/dd-trace-java#8292) - [@ygree](https://github.com/ygree))

##### Mule instrumentation

- 🐛 Fix crash using Mule with JPMS ([#8187](DataDog/dd-trace-java#8187) - [@amarziali](https://github.com/amarziali))

##### Protocol Buffer instrumentation

- ✨ Change hash computation for protobuf to better represent impacting changes + save proto number in schema ([#8201](DataDog/dd-trace-java#8201) - [@vandonr](https://github.com/vandonr))

##### Spring instrumentation

- 🐛 Preserve getQualifier from spring scheduling runnables ([#8293](DataDog/dd-trace-java#8293) - [@amarziali](https://github.com/amarziali))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: bb09d47e4eed77a003f630273b4d0a84003eb899