Skip to content

fix(appsec): report all tags on the service entry span instead of the local root span #14210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 14, 2025
Merged

fix(appsec): report all tags on the service entry span instead of the local root span #14210

merged 4 commits into from
Aug 14, 2025

Conversation

@florentinl
Copy link
Contributor

@florentinl florentinl commented Aug 1, 2025
edited
Loading

Motivation

In specific cases where we have an inferred span (belonging to an inferred service) as the parent of the framework instrumented web request (the 'web' span), Appsec is enabled on the inferred service instead of the current service.

This is because we always use set tags and metrics on the root span using the span._local_root helper.

This leads to an incorrect reporting of the appsec enablement status, and security signals showing up on spans of a different service.

Note:

  • The only type of inferred span in my understanding are API Gateways. They can be created either through the AWS Lambda python layer and are of type 'http' or are inferred by dd-trace-py and are of type 'web'.
  • Appsec through the tracer in lambda is not generally available yet, and the extension correctly handles this case. So no problems for now. But is necessary for in tracer enablement of appsec.

Changes

  • Add a helper on spans to retrieve the top level span of a given service

  • Modify the appsec logic to always report on the service entry span and add a failsafe to query the entry span of the current span or current root span to get a handle on a span in any situation.

  • Modify the tests to look for the entry span instead of the root span

Notes:

  • for IAST, we still need to check the root span in some cases because of the _DD_IAST_USE_ROOT_SPAN flag. This setting also needs additional manual handling in report_stack as reporting to root span is not the default anymore.
  • The contrib_appsec tests contain shell injections (that we ensure are detected by appsec). I included that path to the codeql bypass file.

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch from cf74a41 to 4453c1f Compare August 1, 2025 12:25
@github-actions
Copy link
Contributor

github-actions bot commented Aug 1, 2025
edited
Loading

CODEOWNERS have been resolved as:

releasenotes/notes/appsec-report-tags-on-entry-span-7b43ae9779d05d17.yaml  @DataDog/apm-python
tests/appsec/contrib_appsec/django_app/app/middlewares.py               @DataDog/asm-python
.github/codeql-config.yml                                               @DataDog/python-guild @DataDog/apm-core-python
ddtrace/_trace/span.py                                                  @DataDog/apm-sdk-api-python
ddtrace/_trace/tracer.py                                                @DataDog/apm-sdk-api-python
ddtrace/appsec/_api_security/api_manager.py                             @DataDog/asm-python
ddtrace/appsec/_asm_request_context.py                                  @DataDog/asm-python
ddtrace/appsec/_exploit_prevention/stack_traces.py                      @DataDog/asm-python
ddtrace/appsec/_iast/__init__.py                                        @DataDog/asm-python
ddtrace/appsec/_iast/_iast_request_context.py                           @DataDog/asm-python
ddtrace/appsec/_iast/_iast_request_context_base.py                      @DataDog/asm-python
ddtrace/appsec/_processor.py                                            @DataDog/asm-python
ddtrace/appsec/_trace_utils.py                                          @DataDog/asm-python
ddtrace/appsec/track_user_sdk.py                                        @DataDog/asm-python
ddtrace/settings/asm.py                                                 @DataDog/asm-python
tests/appsec/appsec/api_security/test_api_security_manager.py           @DataDog/asm-python
tests/appsec/appsec/test_appsec_trace_utils.py                          @DataDog/asm-python
tests/appsec/appsec/test_processor.py                                   @DataDog/asm-python
tests/appsec/contrib_appsec/conftest.py                                 @DataDog/asm-python
tests/appsec/contrib_appsec/django_app/settings.py                      @DataDog/asm-python
tests/appsec/contrib_appsec/django_app/urls.py                          @DataDog/asm-python
tests/appsec/contrib_appsec/fastapi_app/app.py                          @DataDog/asm-python
tests/appsec/contrib_appsec/flask_app/app.py                            @DataDog/asm-python
tests/appsec/contrib_appsec/utils.py                                    @DataDog/asm-python
tests/appsec/iast/aspects/test_add_aspect.py                            @DataDog/asm-python
tests/appsec/iast/conftest.py                                           @DataDog/asm-python
tests/appsec/iast/taint_tracking/test_native_taint_range.py             @DataDog/asm-python
tests/appsec/iast/taint_tracking/test_taint_tracking.py                 @DataDog/asm-python
tests/appsec/integrations/fastapi_tests/test_fastapi_appsec_iast.py     @DataDog/asm-python
tests/telemetry/test_writer.py                                          @DataDog/apm-python
tests/tracer/test_span.py                                               @DataDog/apm-sdk-api-python

@github-actions
Copy link
Contributor

github-actions bot commented Aug 1, 2025
edited
Loading

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 273 ± 3 ms.

The average import time from base is: 275 ± 2 ms.

The import time difference between this PR and base is: -2.3 ± 0.1 ms.

Import time breakdown

The following import paths have shrunk:

ddtrace.auto 2.080 ms (0.76%)
ddtrace.bootstrap.sitecustomize 1.395 ms (0.51%)
ddtrace.bootstrap.preload 1.395 ms (0.51%)
ddtrace.internal.remoteconfig.client 0.680 ms (0.25%)
ddtrace 0.685 ms (0.25%)
ddtrace.internal._unpatched 0.031 ms (0.01%)
json 0.031 ms (0.01%)
json.decoder 0.031 ms (0.01%)
re 0.031 ms (0.01%)
enum 0.031 ms (0.01%)
types 0.031 ms (0.01%)

@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch from 4453c1f to 95a54a8 Compare August 1, 2025 12:48
@pr-commenter
Copy link

pr-commenter bot commented Aug 1, 2025
edited
Loading

Performance SLOs

Candidate: florentinl/APPSEC-58532/report-tags-on-service-entry-span (a048425)

🔵 No Baseline Data (24 suites)
🔵 coreapiscenario - 12/12 (2 unstable)

🔵 No baseline data available for this suite

⚠️ context_with_data_listeners

Time: ⚠️ 13.861µs (SLO: <20.000µs 📉 -30.7%)

Memory: ✅ 31.339MB (SLO: <33.500MB -6.4%)

✅ context_with_data_no_listeners

Time: ✅ 3.849µs (SLO: <10.000µs 📉 -61.5%)

Memory: ✅ 31.261MB (SLO: <33.500MB -6.7%)

⚠️ context_with_data_only_all_listeners

Time: ⚠️ 13.856µs (SLO: <20.000µs 📉 -30.7%)

Memory: ✅ 31.202MB (SLO: <33.500MB -6.9%)

✅ get_item_exists

Time: ✅ 0.641µs (SLO: <10.000µs 📉 -93.6%)

Memory: ✅ 31.300MB (SLO: <33.500MB -6.6%)

✅ get_item_missing

Time: ✅ 0.690µs (SLO: <10.000µs 📉 -93.1%)

Memory: ✅ 31.300MB (SLO: <33.500MB -6.6%)

✅ set_item

Time: ✅ 24.970µs (SLO: <30.000µs 📉 -16.8%)

Memory: ✅ 31.221MB (SLO: <33.500MB -6.8%)

🔵 djangosimple - 22/22

🔵 No baseline data available for this suite

✅ appsec

Time: ✅ 21.259ms (SLO: <22.300ms -4.7%)

Memory: ✅ 63.885MB (SLO: <66.000MB -3.2%)

✅ exception-replay-enabled

Time: ✅ 1.381ms (SLO: <1.450ms -4.7%)

Memory: ✅ 63.229MB (SLO: <66.000MB -4.2%)

✅ iast

Time: ✅ 21.239ms (SLO: <22.250ms -4.5%)

Memory: ✅ 63.898MB (SLO: <66.000MB -3.2%)

✅ profiler

Time: ✅ 15.201ms (SLO: <16.550ms -8.2%)

Memory: ✅ 51.589MB (SLO: <53.500MB -3.6%)

✅ span-code-origin

Time: ✅ 27.034ms (SLO: <28.200ms -4.1%)

Memory: ✅ 66.164MB (SLO: <68.500MB -3.4%)

✅ tracer

Time: ✅ 21.256ms (SLO: <22.700ms -6.4%)

Memory: ✅ 63.856MB (SLO: <66.000MB -3.2%)

✅ tracer-and-profiler

Time: ✅ 22.919ms (SLO: <24.900ms -8.0%)

Memory: ✅ 65.235MB (SLO: <67.000MB -2.6%)

✅ tracer-no-caches

Time: ✅ 18.916ms (SLO: <19.650ms -3.7%)

Memory: ✅ 63.977MB (SLO: <66.000MB -3.1%)

✅ tracer-no-databases

Time: ✅ 19.210ms (SLO: <20.100ms -4.4%)

Memory: ✅ 63.946MB (SLO: <66.000MB -3.1%)

✅ tracer-no-middleware

Time: ✅ 21.070ms (SLO: <22.500ms -6.4%)

Memory: ✅ 63.887MB (SLO: <66.000MB -3.2%)

✅ tracer-no-templates

Time: ✅ 21.115ms (SLO: <22.250ms -5.1%)

Memory: ✅ 63.942MB (SLO: <66.000MB -3.1%)

🔵 errortrackingdjangosimple - 6/6

🔵 No baseline data available for this suite

✅ errortracking-enabled-all

Time: ✅ 18.560ms (SLO: <19.850ms -6.5%)

Memory: ✅ 63.856MB (SLO: <65.500MB -2.5%)

✅ errortracking-enabled-user

Time: ✅ 18.550ms (SLO: <19.400ms -4.4%)

Memory: ✅ 63.891MB (SLO: <65.500MB -2.5%)

✅ tracer-enabled

Time: ✅ 18.488ms (SLO: <19.450ms -4.9%)

Memory: ✅ 63.877MB (SLO: <65.500MB -2.5%)

🔵 errortrackingflasksqli - 6/6

🔵 No baseline data available for this suite

✅ errortracking-enabled-all

Time: ✅ 2.128ms (SLO: <2.300ms -7.5%)

Memory: ✅ 51.023MB (SLO: <53.500MB -4.6%)

✅ errortracking-enabled-user

Time: ✅ 2.138ms (SLO: <2.250ms -5.0%)

Memory: ✅ 50.924MB (SLO: <53.500MB -4.8%)

✅ tracer-enabled

Time: ✅ 2.125ms (SLO: <2.300ms -7.6%)

Memory: ✅ 50.842MB (SLO: <53.500MB -5.0%)

🔵 flasksimple - 15/15

🔵 No baseline data available for this suite

✅ appsec-get

Time: ✅ 4.614ms (SLO: <4.750ms -2.9%)

Memory: ✅ 61.735MB (SLO: <64.500MB -4.3%)

✅ appsec-post

Time: ✅ 6.662ms (SLO: <6.750ms 🟡 -1.3%)

Memory: ✅ 62.167MB (SLO: <64.500MB -3.6%)

✅ appsec-telemetry

Time: ✅ 4.624ms (SLO: <4.750ms -2.7%)

Memory: ✅ 61.735MB (SLO: <64.500MB -4.3%)

✅ debugger

Time: ✅ 1.860ms (SLO: <2.000ms -7.0%)

Memory: ✅ 44.364MB (SLO: <45.000MB 🟡 -1.4%)

✅ iast-get

Time: ✅ 1.858ms (SLO: <2.000ms -7.1%)

Memory: ✅ 46.939MB (SLO: <49.000MB -4.2%)

✅ profiler

Time: ✅ 1.915ms (SLO: <2.100ms -8.8%)

Memory: ✅ 44.067MB (SLO: <46.500MB -5.2%)

✅ tracer

Time: ✅ 3.408ms (SLO: <3.650ms -6.6%)

Memory: ✅ 51.028MB (SLO: <53.500MB -4.6%)

🔵 flasksqli - 6/6

🔵 No baseline data available for this suite

✅ appsec-enabled

Time: ✅ 4.002ms (SLO: <4.200ms -4.7%)

Memory: ✅ 62.090MB (SLO: <66.000MB -5.9%)

✅ iast-enabled

Time: ✅ 2.571ms (SLO: <2.800ms -8.2%)

Memory: ✅ 57.531MB (SLO: <59.000MB -2.5%)

✅ tracer-enabled

Time: ✅ 2.122ms (SLO: <2.250ms -5.7%)

Memory: ✅ 51.081MB (SLO: <53.500MB -4.5%)

🔵 httppropagationextract - 60/60

🔵 No baseline data available for this suite

✅ all_styles_all_headers

Time: ✅ 83.566µs (SLO: <100.000µs 📉 -16.4%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ b3_headers

Time: ✅ 14.950µs (SLO: <20.000µs 📉 -25.2%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ b3_single_headers

Time: ✅ 13.377µs (SLO: <20.000µs 📉 -33.1%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ datadog_tracecontext_tracestate_not_propagated_on_trace_id_no_match

Time: ✅ 67.191µs (SLO: <80.000µs 📉 -16.0%)

Memory: ✅ 31.457MB (SLO: <33.500MB -6.1%)

✅ datadog_tracecontext_tracestate_propagated_on_trace_id_match

Time: ✅ 68.356µs (SLO: <80.000µs 📉 -14.6%)

Memory: ✅ 31.457MB (SLO: <33.500MB -6.1%)

✅ empty_headers

Time: ✅ 1.599µs (SLO: <10.000µs 📉 -84.0%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ full_t_id_datadog_headers

Time: ✅ 24.179µs (SLO: <30.000µs 📉 -19.4%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ invalid_priority_header

Time: ✅ 6.508µs (SLO: <10.000µs 📉 -34.9%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ invalid_span_id_header

Time: ✅ 6.469µs (SLO: <10.000µs 📉 -35.3%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ invalid_tags_header

Time: ✅ 6.487µs (SLO: <10.000µs 📉 -35.1%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ invalid_trace_id_header

Time: ✅ 6.465µs (SLO: <10.000µs 📉 -35.4%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ large_header_no_matches

Time: ✅ 27.528µs (SLO: <30.000µs -8.2%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ large_valid_headers_all

Time: ✅ 28.667µs (SLO: <40.000µs 📉 -28.3%)

Memory: ✅ 31.359MB (SLO: <33.500MB -6.4%)

✅ medium_header_no_matches

Time: ✅ 9.784µs (SLO: <20.000µs 📉 -51.1%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ medium_valid_headers_all

Time: ✅ 11.227µs (SLO: <20.000µs 📉 -43.9%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ none_propagation_style

Time: ✅ 1.714µs (SLO: <10.000µs 📉 -82.9%)

Memory: ✅ 31.457MB (SLO: <33.500MB -6.1%)

✅ tracecontext_headers

Time: ✅ 34.765µs (SLO: <40.000µs 📉 -13.1%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ valid_headers_all

Time: ✅ 6.514µs (SLO: <10.000µs 📉 -34.9%)

Memory: ✅ 31.379MB (SLO: <33.500MB -6.3%)

✅ valid_headers_basic

Time: ✅ 6.053µs (SLO: <10.000µs 📉 -39.5%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ wsgi_empty_headers

Time: ✅ 1.602µs (SLO: <10.000µs 📉 -84.0%)

Memory: ✅ 31.320MB (SLO: <33.500MB -6.5%)

✅ wsgi_invalid_priority_header

Time: ✅ 6.559µs (SLO: <10.000µs 📉 -34.4%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ wsgi_invalid_span_id_header

Time: ✅ 1.593µs (SLO: <10.000µs 📉 -84.1%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ wsgi_invalid_tags_header

Time: ✅ 6.490µs (SLO: <10.000µs 📉 -35.1%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ wsgi_invalid_trace_id_header

Time: ✅ 6.583µs (SLO: <10.000µs 📉 -34.2%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ wsgi_large_header_no_matches

Time: ✅ 28.585µs (SLO: <40.000µs 📉 -28.5%)

Memory: ✅ 31.457MB (SLO: <33.500MB -6.1%)

✅ wsgi_large_valid_headers_all

Time: ✅ 29.691µs (SLO: <40.000µs 📉 -25.8%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ wsgi_medium_header_no_matches

Time: ✅ 10.082µs (SLO: <20.000µs 📉 -49.6%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ wsgi_medium_valid_headers_all

Time: ✅ 11.686µs (SLO: <20.000µs 📉 -41.6%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ wsgi_valid_headers_all

Time: ✅ 6.519µs (SLO: <10.000µs 📉 -34.8%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ wsgi_valid_headers_basic

Time: ✅ 6.148µs (SLO: <10.000µs 📉 -38.5%)

Memory: ✅ 31.457MB (SLO: <33.500MB -6.1%)

🔵 httppropagationinject - 16/16

🔵 No baseline data available for this suite

✅ ids_only

Time: ✅ 22.433µs (SLO: <30.000µs 📉 -25.2%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ with_all

Time: ✅ 34.653µs (SLO: <40.000µs 📉 -13.4%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ with_dd_origin

Time: ✅ 28.754µs (SLO: <30.000µs -4.2%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ with_priority_and_origin

Time: ✅ 28.179µs (SLO: <40.000µs 📉 -29.6%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ with_sampling_priority

Time: ✅ 22.731µs (SLO: <30.000µs 📉 -24.2%)

Memory: ✅ 31.418MB (SLO: <33.500MB -6.2%)

✅ with_tags

Time: ✅ 31.285µs (SLO: <40.000µs 📉 -21.8%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

✅ with_tags_invalid

Time: ✅ 34.501µs (SLO: <40.000µs 📉 -13.7%)

Memory: ✅ 31.398MB (SLO: <33.500MB -6.3%)

✅ with_tags_max_size

Time: ✅ 31.154µs (SLO: <40.000µs 📉 -22.1%)

Memory: ✅ 31.438MB (SLO: <33.500MB -6.2%)

🔵 iast_aspects - 40/40

🔵 No baseline data available for this suite

✅ re_expand_aspect

Time: ✅ 32.974µs (SLO: <40.000µs 📉 -17.6%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ re_expand_noaspect

Time: ✅ 28.600µs (SLO: <40.000µs 📉 -28.5%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_findall_aspect

Time: ✅ 3.717µs (SLO: <10.000µs 📉 -62.8%)

Memory: ✅ 36.746MB (SLO: <39.000MB -5.8%)

✅ re_findall_noaspect

Time: ✅ 1.422µs (SLO: <10.000µs 📉 -85.8%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_finditer_aspect

Time: ✅ 5.162µs (SLO: <10.000µs 📉 -48.4%)

Memory: ✅ 36.884MB (SLO: <39.000MB -5.4%)

✅ re_finditer_noaspect

Time: ✅ 1.408µs (SLO: <10.000µs 📉 -85.9%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ re_fullmatch_aspect

Time: ✅ 3.394µs (SLO: <10.000µs 📉 -66.1%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ re_fullmatch_noaspect

Time: ✅ 1.277µs (SLO: <10.000µs 📉 -87.2%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ re_group_aspect

Time: ✅ 3.442µs (SLO: <10.000µs 📉 -65.6%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_group_noaspect

Time: ✅ 1.608µs (SLO: <10.000µs 📉 -83.9%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ re_groups_aspect

Time: ✅ 3.611µs (SLO: <10.000µs 📉 -63.9%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_groups_noaspect

Time: ✅ 1.706µs (SLO: <10.000µs 📉 -82.9%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ re_match_aspect

Time: ✅ 3.433µs (SLO: <10.000µs 📉 -65.7%)

Memory: ✅ 36.884MB (SLO: <39.000MB -5.4%)

✅ re_match_noaspect

Time: ✅ 1.288µs (SLO: <10.000µs 📉 -87.1%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_search_aspect

Time: ✅ 3.312µs (SLO: <10.000µs 📉 -66.9%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ re_search_noaspect

Time: ✅ 1.195µs (SLO: <10.000µs 📉 -88.1%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_sub_aspect

Time: ✅ 4.681µs (SLO: <10.000µs 📉 -53.2%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ re_sub_noaspect

Time: ✅ 1.522µs (SLO: <10.000µs 📉 -84.8%)

Memory: ✅ 36.785MB (SLO: <39.000MB -5.7%)

✅ re_subn_aspect

Time: ✅ 4.904µs (SLO: <10.000µs 📉 -51.0%)

Memory: ✅ 36.785MB (SLO: <39.000MB -5.7%)

✅ re_subn_noaspect

Time: ✅ 1.616µs (SLO: <10.000µs 📉 -83.8%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

🔵 iastaspects - 118/118

🔵 No baseline data available for this suite

✅ add_aspect

Time: ✅ 0.325µs (SLO: <10.000µs 📉 -96.8%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ add_inplace_aspect

Time: ✅ 0.332µs (SLO: <10.000µs 📉 -96.7%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ add_inplace_noaspect

Time: ✅ 0.319µs (SLO: <10.000µs 📉 -96.8%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ add_noaspect

Time: ✅ 0.282µs (SLO: <10.000µs 📉 -97.2%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ bytearray_aspect

Time: ✅ 1.857µs (SLO: <10.000µs 📉 -81.4%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ bytearray_extend_aspect

Time: ✅ 1.374µs (SLO: <10.000µs 📉 -86.3%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ bytearray_extend_noaspect

Time: ✅ 0.608µs (SLO: <10.000µs 📉 -93.9%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ bytearray_noaspect

Time: ✅ 0.487µs (SLO: <10.000µs 📉 -95.1%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ bytes_aspect

Time: ✅ 1.853µs (SLO: <10.000µs 📉 -81.5%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

✅ bytes_noaspect

Time: ✅ 0.491µs (SLO: <10.000µs 📉 -95.1%)

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%)

✅ bytesio_aspect

Time: ✅ 1.890µs (SLO: <10.000µs 📉 -81.1%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ bytesio_noaspect

Time: ✅ 0.499µs (SLO: <10.000µs 📉 -95.0%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

✅ capitalize_aspect

Time: ✅ 0.740µs (SLO: <10.000µs 📉 -92.6%)

Memory: ✅ 37.139MB (SLO: <39.000MB -4.8%)

✅ capitalize_noaspect

Time: ✅ 0.436µs (SLO: <10.000µs 📉 -95.6%)

Memory: ✅ 37.316MB (SLO: <39.000MB -4.3%)

✅ casefold_aspect

Time: ✅ 0.739µs (SLO: <10.000µs 📉 -92.6%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ casefold_noaspect

Time: ✅ 0.377µs (SLO: <10.000µs 📉 -96.2%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ decode_aspect

Time: ✅ 0.730µs (SLO: <10.000µs 📉 -92.7%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ decode_noaspect

Time: ✅ 0.419µs (SLO: <10.000µs 📉 -95.8%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ encode_aspect

Time: ✅ 0.716µs (SLO: <10.000µs 📉 -92.8%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ encode_noaspect

Time: ✅ 0.410µs (SLO: <10.000µs 📉 -95.9%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ format_aspect

Time: ✅ 3.381µs (SLO: <10.000µs 📉 -66.2%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ format_map_aspect

Time: ✅ 3.259µs (SLO: <10.000µs 📉 -67.4%)

Memory: ✅ 37.316MB (SLO: <39.000MB -4.3%)

✅ format_map_noaspect

Time: ✅ 0.783µs (SLO: <10.000µs 📉 -92.2%)

Memory: ✅ 37.139MB (SLO: <39.000MB -4.8%)

✅ format_noaspect

Time: ✅ 0.601µs (SLO: <10.000µs 📉 -94.0%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ index_aspect

Time: ✅ 0.341µs (SLO: <10.000µs 📉 -96.6%)

Memory: ✅ 37.159MB (SLO: <39.000MB -4.7%)

✅ index_noaspect

Time: ✅ 0.280µs (SLO: <10.000µs 📉 -97.2%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ join_aspect

Time: ✅ 1.220µs (SLO: <10.000µs 📉 -87.8%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ join_noaspect

Time: ✅ 0.497µs (SLO: <10.000µs 📉 -95.0%)

Memory: ✅ 37.159MB (SLO: <39.000MB -4.7%)

✅ ljust_aspect

Time: ✅ 10.203µs (SLO: <20.000µs 📉 -49.0%)

Memory: ✅ 37.356MB (SLO: <39.000MB -4.2%)

✅ ljust_noaspect

Time: ✅ 0.409µs (SLO: <10.000µs 📉 -95.9%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ lower_aspect

Time: ✅ 2.258µs (SLO: <10.000µs 📉 -77.4%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ lower_noaspect

Time: ✅ 0.369µs (SLO: <10.000µs 📉 -96.3%)

Memory: ✅ 37.179MB (SLO: <39.000MB -4.7%)

✅ lstrip_aspect

Time: ✅ 10.279µs (SLO: <20.000µs 📉 -48.6%)

Memory: ✅ 37.336MB (SLO: <39.000MB -4.3%)

✅ lstrip_noaspect

Time: ✅ 0.385µs (SLO: <10.000µs 📉 -96.2%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ modulo_aspect

Time: ✅ 0.604µs (SLO: <10.000µs 📉 -94.0%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ modulo_aspect_for_bytearray_bytearray

Time: ✅ 1.264µs (SLO: <10.000µs 📉 -87.4%)

Memory: ✅ 37.179MB (SLO: <39.000MB -4.7%)

✅ modulo_aspect_for_bytes

Time: ✅ 0.745µs (SLO: <10.000µs 📉 -92.6%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ modulo_aspect_for_bytes_bytearray

Time: ✅ 1.020µs (SLO: <10.000µs 📉 -89.8%)

Memory: ✅ 37.316MB (SLO: <39.000MB -4.3%)

✅ modulo_noaspect

Time: ✅ 0.630µs (SLO: <10.000µs 📉 -93.7%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ replace_aspect

Time: ✅ 4.647µs (SLO: <10.000µs 📉 -53.5%)

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%)

✅ replace_noaspect

Time: ✅ 0.468µs (SLO: <10.000µs 📉 -95.3%)

Memory: ✅ 37.159MB (SLO: <39.000MB -4.7%)

✅ repr_aspect

Time: ✅ 0.912µs (SLO: <10.000µs 📉 -90.9%)

Memory: ✅ 37.179MB (SLO: <39.000MB -4.7%)

✅ repr_noaspect

Time: ✅ 0.411µs (SLO: <10.000µs 📉 -95.9%)

Memory: ✅ 37.277MB (SLO: <39.000MB -4.4%)

✅ rstrip_aspect

Time: ✅ 10.974µs (SLO: <20.000µs 📉 -45.1%)

Memory: ✅ 37.336MB (SLO: <39.000MB -4.3%)

✅ rstrip_noaspect

Time: ✅ 0.385µs (SLO: <10.000µs 📉 -96.1%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

✅ slice_aspect

Time: ✅ 0.480µs (SLO: <10.000µs 📉 -95.2%)

Memory: ✅ 37.238MB (SLO: <39.000MB -4.5%)

✅ slice_noaspect

Time: ✅ 0.448µs (SLO: <10.000µs 📉 -95.5%)

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%)

✅ stringio_aspect

Time: ✅ 2.212µs (SLO: <10.000µs 📉 -77.9%)

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%)

✅ stringio_noaspect

Time: ✅ 0.712µs (SLO: <10.000µs 📉 -92.9%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

✅ strip_aspect

Time: ✅ 10.218µs (SLO: <20.000µs 📉 -48.9%)

Memory: ✅ 37.316MB (SLO: <39.000MB -4.3%)

✅ strip_noaspect

Time: ✅ 0.393µs (SLO: <10.000µs 📉 -96.1%)

Memory: ✅ 37.120MB (SLO: <39.000MB -4.8%)

✅ swapcase_aspect

Time: ✅ 2.601µs (SLO: <10.000µs 📉 -74.0%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ swapcase_noaspect

Time: ✅ 0.540µs (SLO: <10.000µs 📉 -94.6%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

✅ title_aspect

Time: ✅ 2.432µs (SLO: <10.000µs 📉 -75.7%)

Memory: ✅ 37.257MB (SLO: <39.000MB -4.5%)

✅ title_noaspect

Time: ✅ 0.507µs (SLO: <10.000µs 📉 -94.9%)

Memory: ✅ 37.179MB (SLO: <39.000MB -4.7%)

✅ translate_aspect

Time: ✅ 3.311µs (SLO: <10.000µs 📉 -66.9%)

Memory: ✅ 37.297MB (SLO: <39.000MB -4.4%)

✅ translate_noaspect

Time: ✅ 1.051µs (SLO: <10.000µs 📉 -89.5%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ upper_aspect

Time: ✅ 2.313µs (SLO: <10.000µs 📉 -76.9%)

Memory: ✅ 37.218MB (SLO: <39.000MB -4.6%)

✅ upper_noaspect

Time: ✅ 0.371µs (SLO: <10.000µs 📉 -96.3%)

Memory: ✅ 37.198MB (SLO: <39.000MB -4.6%)

🔵 iastaspectsospath - 24/24

🔵 No baseline data available for this suite

✅ ospathbasename_aspect

Time: ✅ 4.170µs (SLO: <10.000µs 📉 -58.3%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ ospathbasename_noaspect

Time: ✅ 1.087µs (SLO: <10.000µs 📉 -89.1%)

Memory: ✅ 36.864MB (SLO: <39.000MB -5.5%)

✅ ospathjoin_aspect

Time: ✅ 6.138µs (SLO: <10.000µs 📉 -38.6%)

Memory: ✅ 36.746MB (SLO: <39.000MB -5.8%)

✅ ospathjoin_noaspect

Time: ✅ 2.302µs (SLO: <10.000µs 📉 -77.0%)

Memory: ✅ 36.884MB (SLO: <39.000MB -5.4%)

✅ ospathnormcase_aspect

Time: ✅ 3.392µs (SLO: <10.000µs 📉 -66.1%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ ospathnormcase_noaspect

Time: ✅ 0.569µs (SLO: <10.000µs 📉 -94.3%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ ospathsplit_aspect

Time: ✅ 4.810µs (SLO: <10.000µs 📉 -51.9%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ ospathsplit_noaspect

Time: ✅ 1.610µs (SLO: <10.000µs 📉 -83.9%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ ospathsplitdrive_aspect

Time: ✅ 4.058µs (SLO: <10.000µs 📉 -59.4%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ ospathsplitdrive_noaspect

Time: ✅ 0.698µs (SLO: <10.000µs 📉 -93.0%)

Memory: ✅ 36.746MB (SLO: <39.000MB -5.8%)

✅ ospathsplitext_aspect

Time: ✅ 4.546µs (SLO: <10.000µs 📉 -54.5%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ ospathsplitext_noaspect

Time: ✅ 1.385µs (SLO: <10.000µs 📉 -86.1%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

🔵 iastaspectssplit - 12/12

🔵 No baseline data available for this suite

✅ rsplit_aspect

Time: ✅ 1.502µs (SLO: <10.000µs 📉 -85.0%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ rsplit_noaspect

Time: ✅ 0.588µs (SLO: <10.000µs 📉 -94.1%)

Memory: ✅ 36.864MB (SLO: <39.000MB -5.5%)

✅ split_aspect

Time: ✅ 1.464µs (SLO: <10.000µs 📉 -85.4%)

Memory: ✅ 36.805MB (SLO: <39.000MB -5.6%)

✅ split_noaspect

Time: ✅ 0.577µs (SLO: <10.000µs 📉 -94.2%)

Memory: ✅ 36.825MB (SLO: <39.000MB -5.6%)

✅ splitlines_aspect

Time: ✅ 1.438µs (SLO: <10.000µs 📉 -85.6%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ splitlines_noaspect

Time: ✅ 0.592µs (SLO: <10.000µs 📉 -94.1%)

Memory: ✅ 36.785MB (SLO: <39.000MB -5.7%)

🔵 iastpropagation - 8/8

🔵 No baseline data available for this suite

✅ no-propagation

Time: ✅ 48.933µs (SLO: <60.000µs 📉 -18.4%)

Memory: ✅ 36.864MB (SLO: <39.000MB -5.5%)

✅ propagation_enabled

Time: ✅ 144.265µs (SLO: <160.000µs -9.8%)

Memory: ✅ 36.844MB (SLO: <39.000MB -5.5%)

✅ propagation_enabled_100

Time: ✅ 1.576ms (SLO: <1.800ms 📉 -12.5%)

Memory: ✅ 36.884MB (SLO: <39.000MB -5.4%)

✅ propagation_enabled_1000

Time: ✅ 29.191ms (SLO: <30.550ms -4.4%)

Memory: ✅ 36.864MB (SLO: <39.000MB -5.5%)

🔵 otelsdkspan - 24/24

🔵 No baseline data available for this suite

✅ add-event

Time: ✅ 40.632ms (SLO: <42.000ms -3.3%)

Memory: ✅ 34.151MB (SLO: <39.000MB 📉 -12.4%)

✅ add-link

Time: ✅ 36.666ms (SLO: <38.550ms -4.9%)

Memory: ✅ 34.170MB (SLO: <39.000MB 📉 -12.4%)

✅ add-metrics

Time: ✅ 221.293ms (SLO: <232.000ms -4.6%)

Memory: ✅ 34.111MB (SLO: <39.000MB 📉 -12.5%)

✅ add-tags

Time: ✅ 211.572ms (SLO: <221.600ms -4.5%)

Memory: ✅ 34.131MB (SLO: <39.000MB 📉 -12.5%)

✅ get-context

Time: ✅ 29.034ms (SLO: <31.300ms -7.2%)

Memory: ✅ 34.170MB (SLO: <39.000MB 📉 -12.4%)

✅ is-recording

Time: ✅ 29.719ms (SLO: <31.000ms -4.1%)

Memory: ✅ 34.151MB (SLO: <39.000MB 📉 -12.4%)

✅ record-exception

Time: ✅ 63.054ms (SLO: <65.850ms -4.2%)

Memory: ✅ 34.131MB (SLO: <39.000MB 📉 -12.5%)

✅ set-status

Time: ✅ 31.888ms (SLO: <34.150ms -6.6%)

Memory: ✅ 34.151MB (SLO: <39.000MB 📉 -12.4%)

✅ start

Time: ✅ 29.214ms (SLO: <30.150ms -3.1%)

Memory: ✅ 34.170MB (SLO: <39.000MB 📉 -12.4%)

✅ start-finish

Time: ✅ 33.902ms (SLO: <35.350ms -4.1%)

Memory: ✅ 34.131MB (SLO: <39.000MB 📉 -12.5%)

✅ start-finish-telemetry

Time: ✅ 33.945ms (SLO: <35.450ms -4.2%)

Memory: ✅ 34.170MB (SLO: <39.000MB 📉 -12.4%)

✅ update-name

Time: ✅ 30.922ms (SLO: <33.400ms -7.4%)

Memory: ✅ 34.170MB (SLO: <39.000MB 📉 -12.4%)

🔵 otelspan - 22/22

🔵 No baseline data available for this suite

✅ add-event

Time: ✅ 45.095ms (SLO: <47.150ms -4.4%)

Memory: ✅ 44.420MB (SLO: <46.500MB -4.5%)

✅ add-metrics

Time: ✅ 319.380ms (SLO: <344.800ms -7.4%)

Memory: ✅ 552.968MB (SLO: <562.000MB 🟡 -1.6%)

✅ add-tags

Time: ✅ 292.447ms (SLO: <314.000ms -6.9%)

Memory: ✅ 553.607MB (SLO: <563.500MB 🟡 -1.8%)

✅ get-context

Time: ✅ 87.085ms (SLO: <92.350ms -5.7%)

Memory: ✅ 39.553MB (SLO: <46.500MB 📉 -14.9%)

✅ is-recording

Time: ✅ 42.773ms (SLO: <44.500ms -3.9%)

Memory: ✅ 43.790MB (SLO: <46.500MB -5.8%)

✅ record-exception

Time: ✅ 61.652ms (SLO: <67.650ms -8.9%)

Memory: ✅ 39.858MB (SLO: <46.500MB 📉 -14.3%)

✅ set-status

Time: ✅ 49.599ms (SLO: <50.400ms 🟡 -1.6%)

Memory: ✅ 43.828MB (SLO: <46.500MB -5.7%)

✅ start

Time: ✅ 41.933ms (SLO: <43.450ms -3.5%)

Memory: ✅ 43.845MB (SLO: <46.500MB -5.7%)

✅ start-finish

Time: ✅ 86.447ms (SLO: <88.000ms 🟡 -1.8%)

Memory: ✅ 33.777MB (SLO: <46.500MB 📉 -27.4%)

✅ start-finish-telemetry

Time: ✅ 86.333ms (SLO: <89.000ms -3.0%)

Memory: ✅ 33.777MB (SLO: <46.500MB 📉 -27.4%)

✅ update-name

Time: ✅ 43.926ms (SLO: <45.150ms -2.7%)

Memory: ✅ 44.187MB (SLO: <46.500MB -5.0%)

🔵 packagespackageforrootmodulemapping - 4/4

🔵 No baseline data available for this suite

✅ cache_off

Time: ✅ 341.663ms (SLO: <354.300ms -3.6%)

Memory: ✅ 36.932MB (SLO: <40.000MB -7.7%)

✅ cache_on

Time: ✅ 0.383µs (SLO: <10.000µs 📉 -96.2%)

Memory: ✅ 36.117MB (SLO: <39.000MB -7.4%)

🔵 packagesupdateimporteddependencies - 24/24

🔵 No baseline data available for this suite

✅ import_many

Time: ✅ 155.198µs (SLO: <170.000µs -8.7%)

Memory: ✅ 35.893MB (SLO: <38.500MB -6.8%)

✅ import_many_cached

Time: ✅ 120.418µs (SLO: <130.000µs -7.4%)

Memory: ✅ 35.542MB (SLO: <38.500MB -7.7%)

✅ import_many_stdlib

Time: ✅ 1.615ms (SLO: <1.750ms -7.7%)

Memory: ✅ 35.668MB (SLO: <38.500MB -7.4%)

✅ import_many_stdlib_cached

Time: ✅ 0.968ms (SLO: <1.100ms 📉 -12.0%)

Memory: ✅ 36.061MB (SLO: <38.500MB -6.3%)

✅ import_many_unknown

Time: ✅ 834.696µs (SLO: <890.000µs -6.2%)

Memory: ✅ 35.652MB (SLO: <38.500MB -7.4%)

✅ import_many_unknown_cached

Time: ✅ 791.760µs (SLO: <870.000µs -9.0%)

Memory: ✅ 35.685MB (SLO: <38.500MB -7.3%)

✅ import_one

Time: ✅ 19.815µs (SLO: <30.000µs 📉 -34.0%)

Memory: ✅ 35.449MB (SLO: <39.000MB -9.1%)

✅ import_one_cache

Time: ✅ 6.299µs (SLO: <10.000µs 📉 -37.0%)

Memory: ✅ 35.849MB (SLO: <38.500MB -6.9%)

✅ import_one_stdlib

Time: ✅ 18.680µs (SLO: <20.000µs -6.6%)

Memory: ✅ 35.829MB (SLO: <38.500MB -6.9%)

✅ import_one_stdlib_cache

Time: ✅ 6.260µs (SLO: <10.000µs 📉 -37.4%)

Memory: ✅ 35.542MB (SLO: <38.500MB -7.7%)

✅ import_one_unknown

Time: ✅ 45.570µs (SLO: <50.000µs -8.9%)

Memory: ✅ 35.446MB (SLO: <38.500MB -7.9%)

✅ import_one_unknown_cache

Time: ✅ 6.240µs (SLO: <10.000µs 📉 -37.6%)

Memory: ✅ 35.452MB (SLO: <38.500MB -7.9%)

🔵 ratelimiter - 12/12

🔵 No baseline data available for this suite

✅ defaults

Time: ✅ 2.344µs (SLO: <10.000µs 📉 -76.6%)

Memory: ✅ 30.985MB (SLO: <34.000MB -8.9%)

✅ high_rate_limit

Time: ✅ 2.416µs (SLO: <10.000µs 📉 -75.8%)

Memory: ✅ 30.985MB (SLO: <34.000MB -8.9%)

✅ long_window

Time: ✅ 2.357µs (SLO: <10.000µs 📉 -76.4%)

Memory: ✅ 30.966MB (SLO: <34.000MB -8.9%)

✅ low_rate_limit

Time: ✅ 2.355µs (SLO: <10.000µs 📉 -76.4%)

Memory: ✅ 30.966MB (SLO: <34.000MB -8.9%)

✅ no_rate_limit

Time: ✅ 0.830µs (SLO: <10.000µs 📉 -91.7%)

Memory: ✅ 31.025MB (SLO: <34.000MB -8.8%)

✅ short_window

Time: ✅ 2.477µs (SLO: <10.000µs 📉 -75.2%)

Memory: ✅ 31.005MB (SLO: <34.000MB -8.8%)

🔵 recursivecomputation - 8/8

🔵 No baseline data available for this suite

✅ deep

Time: ✅ 310.080ms (SLO: <320.950ms -3.4%)

Memory: ✅ 32.362MB (SLO: <34.500MB -6.2%)

✅ deep-profiled

Time: ✅ 326.514ms (SLO: <359.150ms -9.1%)

Memory: ✅ 35.036MB (SLO: <39.000MB 📉 -10.2%)

✅ medium

Time: ✅ 7.094ms (SLO: <7.400ms -4.1%)

Memory: ✅ 31.280MB (SLO: <34.000MB -8.0%)

✅ shallow

Time: ✅ 0.958ms (SLO: <1.050ms -8.8%)

Memory: ✅ 31.202MB (SLO: <34.000MB -8.2%)

🔵 samplingrules - 8/8

🔵 No baseline data available for this suite

✅ average_match

Time: ✅ 275.678µs (SLO: <290.000µs -4.9%)

Memory: ✅ 31.261MB (SLO: <34.000MB -8.1%)

✅ high_match

Time: ✅ 447.112µs (SLO: <480.000µs -6.9%)

Memory: ✅ 31.162MB (SLO: <34.000MB -8.3%)

✅ low_match

Time: ✅ 109.868µs (SLO: <120.000µs -8.4%)

Memory: ✅ 444.927MB (SLO: <450.000MB 🟡 -1.1%)

✅ very_low_match

Time: ✅ 7.691ms (SLO: <8.500ms -9.5%)

Memory: ✅ 57.657MB (SLO: <60.000MB -3.9%)

🔵 sethttpmeta - 32/32

🔵 No baseline data available for this suite

✅ all-disabled

Time: ✅ 12.351µs (SLO: <20.000µs 📉 -38.2%)

Memory: ✅ 31.693MB (SLO: <34.000MB -6.8%)

✅ all-enabled

Time: ✅ 42.312µs (SLO: <50.000µs 📉 -15.4%)

Memory: ✅ 31.772MB (SLO: <34.000MB -6.6%)

✅ collectipvariant_exists

Time: ✅ 43.428µs (SLO: <50.000µs 📉 -13.1%)

Memory: ✅ 31.752MB (SLO: <34.000MB -6.6%)

✅ no-collectipvariant

Time: ✅ 42.263µs (SLO: <50.000µs 📉 -15.5%)

Memory: ✅ 31.811MB (SLO: <34.000MB -6.4%)

✅ no-useragentvariant

Time: ✅ 40.907µs (SLO: <50.000µs 📉 -18.2%)

Memory: ✅ 31.772MB (SLO: <34.000MB -6.6%)

✅ obfuscation-no-query

Time: ✅ 42.703µs (SLO: <50.000µs 📉 -14.6%)

Memory: ✅ 31.792MB (SLO: <34.000MB -6.5%)

✅ obfuscation-regular-case-explicit-query

Time: ✅ 80.013µs (SLO: <90.000µs 📉 -11.1%)

Memory: ✅ 32.185MB (SLO: <34.000MB -5.3%)

✅ obfuscation-regular-case-implicit-query

Time: ✅ 79.729µs (SLO: <90.000µs 📉 -11.4%)

Memory: ✅ 32.165MB (SLO: <34.000MB -5.4%)

✅ obfuscation-send-querystring-disabled

Time: ✅ 157.974µs (SLO: <170.000µs -7.1%)

Memory: ✅ 32.204MB (SLO: <34.500MB -6.7%)

✅ obfuscation-worst-case-explicit-query

Time: ✅ 152.663µs (SLO: <160.000µs -4.6%)

Memory: ✅ 32.224MB (SLO: <34.500MB -6.6%)

✅ obfuscation-worst-case-implicit-query

Time: ✅ 157.968µs (SLO: <170.000µs -7.1%)

Memory: ✅ 32.185MB (SLO: <34.500MB -6.7%)

✅ useragentvariant_exists_1

Time: ✅ 41.635µs (SLO: <50.000µs 📉 -16.7%)

Memory: ✅ 31.752MB (SLO: <34.000MB -6.6%)

✅ useragentvariant_exists_2

Time: ✅ 42.766µs (SLO: <50.000µs 📉 -14.5%)

Memory: ✅ 31.792MB (SLO: <34.000MB -6.5%)

✅ useragentvariant_exists_3

Time: ✅ 42.054µs (SLO: <50.000µs 📉 -15.9%)

Memory: ✅ 31.772MB (SLO: <34.000MB -6.6%)

✅ useragentvariant_not_exists_1

Time: ✅ 42.002µs (SLO: <50.000µs 📉 -16.0%)

Memory: ✅ 31.772MB (SLO: <34.000MB -6.6%)

✅ useragentvariant_not_exists_2

Time: ✅ 42.059µs (SLO: <50.000µs 📉 -15.9%)

Memory: ✅ 31.811MB (SLO: <34.000MB -6.4%)

🔵 span - 26/26

🔵 No baseline data available for this suite

✅ add-event

Time: ✅ 23.980ms (SLO: <26.200ms -8.5%)

Memory: ✅ 50.794MB (SLO: <53.000MB -4.2%)

✅ add-metrics

Time: ✅ 92.413ms (SLO: <98.350ms -6.0%)

Memory: ✅ 606.919MB (SLO: <961.000MB 📉 -36.8%)

✅ add-tags

Time: ✅ 149.431ms (SLO: <168.550ms 📉 -11.3%)

Memory: ✅ 607.524MB (SLO: <962.500MB 📉 -36.9%)

✅ get-context

Time: ✅ 22.692ms (SLO: <23.700ms -4.3%)

Memory: ✅ 49.595MB (SLO: <53.000MB -6.4%)

✅ is-recording

Time: ✅ 22.502ms (SLO: <23.900ms -5.8%)

Memory: ✅ 49.594MB (SLO: <53.000MB -6.4%)

✅ record-exception

Time: ✅ 42.643ms (SLO: <44.500ms -4.2%)

Memory: ✅ 42.580MB (SLO: <53.000MB 📉 -19.7%)

✅ set-status

Time: ✅ 24.192ms (SLO: <26.000ms -7.0%)

Memory: ✅ 49.605MB (SLO: <53.000MB -6.4%)

✅ start

Time: ✅ 22.252ms (SLO: <23.500ms -5.3%)

Memory: ✅ 49.605MB (SLO: <53.000MB -6.4%)

✅ start-finish

Time: ✅ 54.340ms (SLO: <55.500ms -2.1%)

Memory: ✅ 31.202MB (SLO: <34.000MB -8.2%)

✅ start-finish-telemetry

Time: ✅ 55.691ms (SLO: <58.300ms -4.5%)

Memory: ✅ 31.320MB (SLO: <34.000MB -7.9%)

✅ start-finish-traceid128

Time: ✅ 57.169ms (SLO: <60.050ms -4.8%)

Memory: ✅ 31.241MB (SLO: <34.000MB -8.1%)

✅ start-traceid128

Time: ✅ 22.475ms (SLO: <24.600ms -8.6%)

Memory: ✅ 49.568MB (SLO: <53.000MB -6.5%)

✅ update-name

Time: ✅ 22.986ms (SLO: <24.100ms -4.6%)

Memory: ✅ 50.324MB (SLO: <53.000MB -5.0%)

🔵 telemetryaddmetric - 30/30

🔵 No baseline data available for this suite

✅ 1-count-metric-1-times

Time: ✅ 3.186µs (SLO: <10.000µs 📉 -68.1%)

Memory: ✅ 31.300MB (SLO: <34.000MB -7.9%)

✅ 1-count-metrics-100-times

Time: ✅ 217.788µs (SLO: <240.000µs -9.3%)

Memory: ✅ 31.261MB (SLO: <34.000MB -8.1%)

✅ 1-distribution-metric-1-times

Time: ✅ 2.940µs (SLO: <10.000µs 📉 -70.6%)

Memory: ✅ 31.241MB (SLO: <34.000MB -8.1%)

✅ 1-distribution-metrics-100-times

Time: ✅ 199.248µs (SLO: <210.000µs -5.1%)

Memory: ✅ 31.241MB (SLO: <34.000MB -8.1%)

✅ 1-gauge-metric-1-times

Time: ✅ 2.135µs (SLO: <10.000µs 📉 -78.6%)

Memory: ✅ 31.280MB (SLO: <34.000MB -8.0%)

✅ 1-gauge-metrics-100-times

Time: ✅ 125.211µs (SLO: <140.000µs 📉 -10.6%)

Memory: ✅ 31.320MB (SLO: <34.000MB -7.9%)

✅ 1-rate-metric-1-times

Time: ✅ 3.468µs (SLO: <10.000µs 📉 -65.3%)

Memory: ✅ 31.241MB (SLO: <34.000MB -8.1%)

✅ 1-rate-metrics-100-times

Time: ✅ 216.952µs (SLO: <230.000µs -5.7%)

Memory: ✅ 31.241MB (SLO: <34.000MB -8.1%)

✅ 100-count-metrics-100-times

Time: ✅ 21.993ms (SLO: <22.500ms -2.3%)

Memory: ✅ 31.261MB (SLO: <34.000MB -8.1%)

✅ 100-distribution-metrics-100-times

Time: ✅ 2.051ms (SLO: <2.100ms -2.3%)

Memory: ✅ 31.280MB (SLO: <34.000MB -8.0%)

✅ 100-gauge-metrics-100-times

Time: ✅ 1.284ms (SLO: <1.400ms -8.3%)

Memory: ✅ 31.300MB (SLO: <34.000MB -7.9%)

✅ 100-rate-metrics-100-times

Time: ✅ 2.322ms (SLO: <2.400ms -3.3%)

Memory: ✅ 31.379MB (SLO: <34.000MB -7.7%)

✅ flush-1-metric

Time: ✅ 4.213µs (SLO: <10.000µs 📉 -57.9%)

Memory: ✅ 31.320MB (SLO: <34.000MB -7.9%)

✅ flush-100-metrics

Time: ✅ 183.274µs (SLO: <200.000µs -8.4%)

Memory: ✅ 31.280MB (SLO: <34.000MB -8.0%)

✅ flush-1000-metrics

Time: ✅ 2.210ms (SLO: <2.350ms -6.0%)

Memory: ✅ 32.440MB (SLO: <34.500MB -6.0%)

🔵 tracer - 6/6

🔵 No baseline data available for this suite

✅ large

Time: ✅ 30.511ms (SLO: <32.950ms -7.4%)

Memory: ✅ 32.657MB (SLO: <34.500MB -5.3%)

✅ medium

Time: ✅ 3.011ms (SLO: <3.200ms -5.9%)

Memory: ✅ 31.182MB (SLO: <34.000MB -8.3%)

✅ small

Time: ✅ 341.461µs (SLO: <370.000µs -7.7%)

Memory: ✅ 31.202MB (SLO: <34.000MB -8.2%)

@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch 22 times, most recently from bd9d326 to e7f2dde Compare August 6, 2025 08:36
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 6, 2025
View reviewed changes
@florentinl florentinl changed the title fix(appsec): report all tags on the service entry span instead of the local root span chore(appsec): report all tags on the service entry span instead of the local root span Aug 6, 2025
@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch from e7f2dde to 050c4b5 Compare August 6, 2025 09:14
@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch 4 times, most recently from d548fb5 to c14225e Compare August 7, 2025 15:01
@florentinl florentinl changed the title chore(appsec): report all tags on the service entry span instead of the local root span fix(appsec): report all tags on the service entry span instead of the local root span Aug 8, 2025
@florentinl florentinl removed the changelog/no-changelog A changelog entry is not required for this PR. label Aug 8, 2025
@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch 5 times, most recently from 709bc4c to 2fc795b Compare August 13, 2025 07:21
@florentinl florentinl marked this pull request as ready for review August 13, 2025 07:54
@florentinl florentinl requested a review from a team as a code owner August 13, 2025 07:54
@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch from 2fc795b to 784ccf0 Compare August 13, 2025 08:29
@christophe-papazian
Copy link
Contributor

Great Work!

@florentinl florentinl enabled auto-merge (squash) August 13, 2025 14:39
mabdinur
mabdinur approved these changes Aug 13, 2025
View reviewed changes
Copy link
Contributor

@mabdinur mabdinur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Span._service_entry_span_value is an internal property so my comments/concerns are non-blocking. We can iterate on this design in future PRs.

@florentinl florentinl force-pushed the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch from 898ffbc to a048425 Compare August 13, 2025 15:55
@florentinl florentinl merged commit 3a61500 into main Aug 14, 2025
835 checks passed
@florentinl florentinl deleted the florentinl/APPSEC-58532/report-tags-on-service-entry-span branch August 14, 2025 07:30
@florentinl florentinl mentioned this pull request Aug 21, 2025
Merged
2 tasks
avara1986 pushed a commit that referenced this pull request Aug 22, 2025
@florentinl
chore(appsec): track_user must use tag the service_entry_span (#14384)
61ac749 
## Description

This is an omission from PR: #14210 . The `track_user` function must
pass to tag the user on to the `set_user` helper.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
juanjux pushed a commit that referenced this pull request Sep 2, 2025
@florentinl @juanjux
fix(appsec): report all tags on the service entry span instead of the…
df0222f 
… local root span (#14210)

## Motivation

In specific cases where we have an inferred span (belonging to an
inferred service) as the parent of the framework instrumented web
request (the 'web' span), Appsec is enabled on the inferred service
instead of the current service.

This is because we always use set tags and metrics on the root span
using the `span._local_root` helper.

This leads to an incorrect reporting of the appsec enablement status,
and security signals showing up on spans of a different service.

Note:
- The only type of inferred span in my understanding are API Gateways.
They can be created either through the AWS Lambda python layer and are
of type 'http' or are inferred by dd-trace-py and are of type 'web'.
- Appsec through the tracer in lambda is not generally available yet,
and the extension correctly handles this case. So no problems for now.
But is necessary for in tracer enablement of appsec.

## Changes

- Add a helper on spans to retrieve the top level span of a given
service

- Modify the appsec logic to always report on the service entry span and
add a failsafe to query the entry span of the current span or current
root span to get a handle on a span in any situation.

- Modify the tests to look for the entry span instead of the root span
 
 Notes:
- for IAST, we still need to check the root span in some cases because
of the `_DD_IAST_USE_ROOT_SPAN` flag. This setting also needs additional
manual handling in `report_stack` as reporting to root span is not the
default anymore.
- The contrib_appsec tests contain shell injections (that we ensure are
detected by appsec). I included that path to the codeql bypass file.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brettlangdon brettlangdon brettlangdon approved these changes

@mabdinur mabdinur mabdinur approved these changes

@christophe-papazian christophe-papazian christophe-papazian approved these changes

@juanjux juanjux Awaiting requested review from juanjux juanjux is a code owner automatically assigned from DataDog/apm-core-python

Assignees

No one assigned

Labels

ASM Application Security Monitoring

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@florentinl @christophe-papazian @brettlangdon @mabdinur