Add check to prevent injection of repeated GRPC headers #9246

Merged
merged 7 commits into from
Jul 30, 2025

mhlidd
Contributor

@mhlidd mhlidd commented Jul 25, 2025

What Does This Do

Followup to #9171.
Instead of preventing multiple OT Baggage injection at the injector level, handle it at instrumentation level since this is a GRPC specific bug. We should prohibit all repeated keys and prioritize the first key that is injected.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APMS-16280
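
The first-write-wins rule from the description above, as an added example that is not code from this PR or from dd-trace-java: a multi-valued header carrier appends on every write, so a second writer of the same key leaves the receiver with two values unless the setter checks for the key first. `MultiValueCarrier`, `Setter` and the header names and values are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class FirstWriteWinsInjection {

  /** Hypothetical stand-in for a multi-valued header carrier: put() appends, it never replaces. */
  static final class MultiValueCarrier {
    private final Map<String, List<String>> entries = new LinkedHashMap<>();

    void put(String key, String value) {
      entries.computeIfAbsent(normalize(key), k -> new ArrayList<>()).add(value);
    }

    boolean containsKey(String key) {
      return entries.containsKey(normalize(key));
    }

    List<String> getAll(String key) {
      List<String> values = entries.get(normalize(key));
      return values == null ? Collections.<String>emptyList() : values;
    }

    /** Keys that carry more than one value, i.e. what the receiver sees as repeated headers. */
    List<String> repeatedKeys() {
      List<String> repeated = new ArrayList<>();
      for (Map.Entry<String, List<String>> e : entries.entrySet()) {
        if (e.getValue().size() > 1) {
          repeated.add(e.getKey());
        }
      }
      return repeated;
    }

    // Header names are compared case-insensitively, so "Baggage" and "baggage" collide.
    private static String normalize(String key) {
      return key.toLowerCase(Locale.ROOT);
    }
  }

  /** Hypothetical injection callback: how one propagated key/value pair reaches the carrier. */
  interface Setter {
    void set(MultiValueCarrier carrier, String key, String value);
  }

  /** Writes every value it is handed; a repeated key ends up with several values. */
  static final Setter APPENDING = (carrier, key, value) -> carrier.put(key, value);

  /** Keeps the first value injected for a key and silently drops any later write. */
  static final Setter FIRST_WINS = (carrier, key, value) -> {
    if (!carrier.containsKey(key)) {
      carrier.put(key, value);
    }
  };

  /** Replays an ordered list of {key, value} writes through the given setter. */
  static MultiValueCarrier inject(Setter setter, String[][] writes) {
    MultiValueCarrier carrier = new MultiValueCarrier();
    for (String[] write : writes) {
      setter.set(carrier, write[0], write[1]);
    }
    return carrier;
  }

  public static void main(String[] args) {
    // Constructed sample: two writers emit the same keys in sequence.
    String[][] writes = {
      {"x-sample-trace-id", "1234"},
      {"baggage", "user.id=alice"},
      {"Baggage", "user.id=bob"},
      {"x-sample-trace-id", "5678"},
    };

    MultiValueCarrier appended = inject(APPENDING, writes);
    MultiValueCarrier firstWins = inject(FIRST_WINS, writes);

    System.out.println("appending  baggage values: " + appended.getAll("baggage"));
    System.out.println("appending  repeated keys:  " + appended.repeatedKeys());
    System.out.println("first-wins baggage values: " + firstWins.getAll("baggage"));
    System.out.println("first-wins repeated keys:  " + firstWins.repeatedKeys());
  }
}
```

`repeatedKeys()` doubles as a check for tests or for a receiving service: a non-empty result means two components disagree about who owns a propagation header.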

@mhlidd mhlidd added type: bug Bug report and fix inst: grpc gRPC instrumentation labels Jul 25, 2025
@pr-commenter

pr-commenter bot commented Jul 25, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mhlidd/fix_grpc_inject
git_commit_date 1753877213 1753893364
git_commit_sha 2c5960b e0d11ad
release_version 1.51.1-SNAPSHOT~2c5960be47 1.51.1-SNAPSHOT~e0d11ad90a
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1753895205 1753895205
ci_job_id 1055896727 1055896727
ci_pipeline_id 72199701 72199701
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-4-b9cf7jiw 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-4-b9cf7jiw 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 11 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.039 s) : 0, 1038903
Total [baseline] (8.555 s) : 0, 8554806
Agent [candidate] (1.052 s) : 0, 1051953
Total [candidate] (8.6 s) : 0, 8599855
section iast
Agent [baseline] (1.176 s) : 0, 1176466
Total [baseline] (9.296 s) : 0, 9296110
Agent [candidate] (1.179 s) : 0, 1178695
Total [candidate] (9.36 s) : 0, 9359841
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.039 s -
Agent iast 1.176 s 137.563 ms (13.2%)
Total tracing 8.555 s -
Total iast 9.296 s 741.304 ms (8.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.052 s -
Agent iast 1.179 s 126.742 ms (12.0%)
Total tracing 8.6 s -
Total iast 9.36 s 759.986 ms (8.8%)
gantt
    title insecure-bank - break down per module: candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.422 ms) : 0, 1422
crashtracking [candidate] (1.441 ms) : 0, 1441
BytebuddyAgent [baseline] (727.692 ms) : 0, 727692
BytebuddyAgent [candidate] (735.423 ms) : 0, 735423
GlobalTracer [baseline] (239.783 ms) : 0, 239783
GlobalTracer [candidate] (243.209 ms) : 0, 243209
AppSec [baseline] (30.151 ms) : 0, 30151
AppSec [candidate] (30.601 ms) : 0, 30601
Debugger [baseline] (5.927 ms) : 0, 5927
Debugger [candidate] (6.092 ms) : 0, 6092
Remote Config [baseline] (633.358 µs) : 0, 633
Remote Config [candidate] (659.573 µs) : 0, 660
Telemetry [baseline] (12.455 ms) : 0, 12455
Telemetry [candidate] (13.434 ms) : 0, 13434
section iast
crashtracking [baseline] (1.432 ms) : 0, 1432
crashtracking [candidate] (1.431 ms) : 0, 1431
BytebuddyAgent [baseline] (849.51 ms) : 0, 849510
BytebuddyAgent [candidate] (851.394 ms) : 0, 851394
GlobalTracer [baseline] (231.818 ms) : 0, 231818
GlobalTracer [candidate] (231.666 ms) : 0, 231666
IAST [baseline] (29.225 ms) : 0, 29225
IAST [candidate] (30.139 ms) : 0, 30139
AppSec [baseline] (28.129 ms) : 0, 28129
AppSec [candidate] (27.474 ms) : 0, 27474
Debugger [baseline] (6.625 ms) : 0, 6625
Debugger [candidate] (6.793 ms) : 0, 6793
Remote Config [baseline] (574.936 µs) : 0, 575
Remote Config [candidate] (587.94 µs) : 0, 588
Telemetry [baseline] (8.188 ms) : 0, 8188
Telemetry [candidate] (8.202 ms) : 0, 8202
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.05 s) : 0, 1050488
Total [baseline] (10.661 s) : 0, 10660615
Agent [candidate] (1.045 s) : 0, 1044810
Total [candidate] (10.663 s) : 0, 10663378
section appsec
Agent [baseline] (1.22 s) : 0, 1219832
Total [baseline] (10.832 s) : 0, 10832289
Agent [candidate] (1.217 s) : 0, 1216520
Total [candidate] (10.758 s) : 0, 10757821
section iast
Agent [baseline] (1.184 s) : 0, 1184320
Total [baseline] (10.878 s) : 0, 10877595
Agent [candidate] (1.175 s) : 0, 1175217
Total [candidate] (10.9 s) : 0, 10900469
section profiling
Agent [baseline] (1.193 s) : 0, 1193302
Total [baseline] (10.838 s) : 0, 10837865
Agent [candidate] (1.196 s) : 0, 1196322
Total [candidate] (10.848 s) : 0, 10847708
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.05 s -
Agent appsec 1.22 s 169.345 ms (16.1%)
Agent iast 1.184 s 133.832 ms (12.7%)
Agent profiling 1.193 s 142.814 ms (13.6%)
Total tracing 10.661 s -
Total appsec 10.832 s 171.674 ms (1.6%)
Total iast 10.878 s 216.98 ms (2.0%)
Total profiling 10.838 s 177.249 ms (1.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.045 s -
Agent appsec 1.217 s 171.709 ms (16.4%)
Agent iast 1.175 s 130.407 ms (12.5%)
Agent profiling 1.196 s 151.512 ms (14.5%)
Total tracing 10.663 s -
Total appsec 10.758 s 94.443 ms (0.9%)
Total iast 10.9 s 237.092 ms (2.2%)
Total profiling 10.848 s 184.33 ms (1.7%)
gantt
    title petclinic - break down per module: candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.432 ms) : 0, 1432
crashtracking [candidate] (1.43 ms) : 0, 1430
BytebuddyAgent [baseline] (735.083 ms) : 0, 735083
BytebuddyAgent [candidate] (728.897 ms) : 0, 728897
GlobalTracer [baseline] (243.004 ms) : 0, 243004
GlobalTracer [candidate] (241.026 ms) : 0, 241026
AppSec [baseline] (30.582 ms) : 0, 30582
AppSec [candidate] (30.387 ms) : 0, 30387
Debugger [baseline] (6.04 ms) : 0, 6040
Debugger [candidate] (6.042 ms) : 0, 6042
Remote Config [baseline] (658.249 µs) : 0, 658
Remote Config [candidate] (641.135 µs) : 0, 641
Telemetry [baseline] (11.955 ms) : 0, 11955
Telemetry [candidate] (15.401 ms) : 0, 15401
section appsec
crashtracking [baseline] (1.429 ms) : 0, 1429
crashtracking [candidate] (1.43 ms) : 0, 1430
BytebuddyAgent [baseline] (753.436 ms) : 0, 753436
BytebuddyAgent [candidate] (750.389 ms) : 0, 750389
GlobalTracer [baseline] (234.55 ms) : 0, 234550
GlobalTracer [candidate] (234.521 ms) : 0, 234521
AppSec [baseline] (169.014 ms) : 0, 169014
AppSec [candidate] (169.375 ms) : 0, 169375
Debugger [baseline] (7.851 ms) : 0, 7851
Debugger [candidate] (7.226 ms) : 0, 7226
Remote Config [baseline] (612.084 µs) : 0, 612
Remote Config [candidate] (595.673 µs) : 0, 596
Telemetry [baseline] (8.237 ms) : 0, 8237
Telemetry [candidate] (8.271 ms) : 0, 8271
IAST [baseline] (23.657 ms) : 0, 23657
IAST [candidate] (23.404 ms) : 0, 23404
section iast
crashtracking [baseline] (1.439 ms) : 0, 1439
crashtracking [candidate] (1.425 ms) : 0, 1425
BytebuddyAgent [baseline] (855.566 ms) : 0, 855566
BytebuddyAgent [candidate] (848.306 ms) : 0, 848306
GlobalTracer [baseline] (233.568 ms) : 0, 233568
GlobalTracer [candidate] (232.054 ms) : 0, 232054
AppSec [baseline] (29.15 ms) : 0, 29150
AppSec [candidate] (28.155 ms) : 0, 28155
Debugger [baseline] (6.677 ms) : 0, 6677
Debugger [candidate] (5.756 ms) : 0, 5756
Remote Config [baseline] (591.789 µs) : 0, 592
Remote Config [candidate] (584.032 µs) : 0, 584
Telemetry [baseline] (8.214 ms) : 0, 8214
Telemetry [candidate] (8.118 ms) : 0, 8118
IAST [baseline] (27.855 ms) : 0, 27855
IAST [candidate] (29.872 ms) : 0, 29872
section profiling
ProfilingAgent [baseline] (107.34 ms) : 0, 107340
ProfilingAgent [candidate] (107.848 ms) : 0, 107848
crashtracking [baseline] (1.407 ms) : 0, 1407
crashtracking [candidate] (1.42 ms) : 0, 1420
BytebuddyAgent [baseline] (760.485 ms) : 0, 760485
BytebuddyAgent [candidate] (762.866 ms) : 0, 762866
GlobalTracer [baseline] (221.463 ms) : 0, 221463
GlobalTracer [candidate] (221.127 ms) : 0, 221127
AppSec [baseline] (30.406 ms) : 0, 30406
AppSec [candidate] (30.439 ms) : 0, 30439
Debugger [baseline] (6.233 ms) : 0, 6233
Debugger [candidate] (6.323 ms) : 0, 6323
Remote Config [baseline] (664.712 µs) : 0, 665
Remote Config [candidate] (711.535 µs) : 0, 712
Telemetry [baseline] (15.973 ms) : 0, 15973
Telemetry [candidate] (16.276 ms) : 0, 16276
Profiling [baseline] (107.967 ms) : 0, 107967
Profiling [candidate] (108.495 ms) : 0, 108495

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mhlidd/fix_grpc_inject
git_commit_date 1753877213 1753893364
git_commit_sha 2c5960b e0d11ad
release_version 1.51.1-SNAPSHOT~2c5960be47 1.51.1-SNAPSHOT~e0d11ad90a
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1753894883 1753894883
ci_job_id 1055896728 1055896728
ci_pipeline_id 72199701 72199701
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-ccaml9ft 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-ccaml9ft 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 10 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:no_agent:high_load | better [-267.010µs; -157.442µs] or [-5.871%; -3.462%] | unstable [-51.957op/s; +148.894op/s] or [-5.143%; +14.740%] | 4.336ms | 1058.625op/s | 4.548ms | 1010.156op/s |
| scenario:load:petclinic:iast:high_load | worse [+1.664ms; +2.503ms] or [+3.877%; +5.834%] | unstable [-10.972op/s; +3.480op/s] or [-10.062%; +3.191%] | 44.999ms | 105.304op/s | 42.916ms | 109.050op/s |
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47
    dateFormat X
    axisFormat %s
section baseline
no_agent (36.42 ms) : 36129, 36712
.   : milestone, 36420,
appsec (49.175 ms) : 48724, 49627
.   : milestone, 49175,
code_origins (46.047 ms) : 45633, 46461
.   : milestone, 46047,
iast (42.916 ms) : 42541, 43290
.   : milestone, 42916,
profiling (48.026 ms) : 47541, 48511
.   : milestone, 48026,
tracing (45.01 ms) : 44629, 45391
.   : milestone, 45010,
section candidate
no_agent (36.41 ms) : 36120, 36701
.   : milestone, 36410,
appsec (47.949 ms) : 47519, 48378
.   : milestone, 47949,
code_origins (45.437 ms) : 45039, 45835
.   : milestone, 45437,
iast (44.999 ms) : 44594, 45404
.   : milestone, 44999,
profiling (48.271 ms) : 47841, 48701
.   : milestone, 48271,
tracing (44.386 ms) : 44013, 44760
.   : milestone, 44386,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.42 ms [36.129 ms, 36.712 ms] -
appsec 49.175 ms [48.724 ms, 49.627 ms] 12.755 ms (35.0%)
code_origins 46.047 ms [45.633 ms, 46.461 ms] 9.627 ms (26.4%)
iast 42.916 ms [42.541 ms, 43.29 ms] 6.495 ms (17.8%)
profiling 48.026 ms [47.541 ms, 48.511 ms] 11.606 ms (31.9%)
tracing 45.01 ms [44.629 ms, 45.391 ms] 8.59 ms (23.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.41 ms [36.12 ms, 36.701 ms] -
appsec 47.949 ms [47.519 ms, 48.378 ms] 11.538 ms (31.7%)
code_origins 45.437 ms [45.039 ms, 45.835 ms] 9.027 ms (24.8%)
iast 44.999 ms [44.594 ms, 45.404 ms] 8.589 ms (23.6%)
profiling 48.271 ms [47.841 ms, 48.701 ms] 11.861 ms (32.6%)
tracing 44.386 ms [44.013 ms, 44.76 ms] 7.976 ms (21.9%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.548 ms) : 4497, 4600
.   : milestone, 4548,
iast (9.404 ms) : 9250, 9558
.   : milestone, 9404,
iast_FULL (13.912 ms) : 13638, 14185
.   : milestone, 13912,
iast_GLOBAL (10.191 ms) : 10013, 10369
.   : milestone, 10191,
profiling (8.563 ms) : 8433, 8693
.   : milestone, 8563,
tracing (7.526 ms) : 7421, 7631
.   : milestone, 7526,
section candidate
no_agent (4.336 ms) : 4286, 4386
.   : milestone, 4336,
iast (9.333 ms) : 9182, 9485
.   : milestone, 9333,
iast_FULL (13.903 ms) : 13626, 14180
.   : milestone, 13903,
iast_GLOBAL (10.439 ms) : 10245, 10633
.   : milestone, 10439,
profiling (8.44 ms) : 8312, 8568
.   : milestone, 8440,
tracing (7.517 ms) : 7413, 7622
.   : milestone, 7517,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.548 ms [4.497 ms, 4.6 ms] -
iast 9.404 ms [9.25 ms, 9.558 ms] 4.856 ms (106.8%)
iast_FULL 13.912 ms [13.638 ms, 14.185 ms] 9.364 ms (205.9%)
iast_GLOBAL 10.191 ms [10.013 ms, 10.369 ms] 5.643 ms (124.1%)
profiling 8.563 ms [8.433 ms, 8.693 ms] 4.015 ms (88.3%)
tracing 7.526 ms [7.421 ms, 7.631 ms] 2.978 ms (65.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.336 ms [4.286 ms, 4.386 ms] -
iast 9.333 ms [9.182 ms, 9.485 ms] 4.998 ms (115.3%)
iast_FULL 13.903 ms [13.626 ms, 14.18 ms] 9.567 ms (220.6%)
iast_GLOBAL 10.439 ms [10.245 ms, 10.633 ms] 6.103 ms (140.8%)
profiling 8.44 ms [8.312 ms, 8.568 ms] 4.104 ms (94.7%)
tracing 7.517 ms [7.413 ms, 7.622 ms] 3.181 ms (73.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mhlidd/fix_grpc_inject
git_commit_date 1753877213 1753893364
git_commit_sha 2c5960b e0d11ad
release_version 1.51.1-SNAPSHOT~2c5960be47 1.51.1-SNAPSHOT~e0d11ad90a
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1753895381 1753895381
ci_job_id 1055896729 1055896729
ci_pipeline_id 72199701 72199701
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-5-wqu7punu 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-5-wqu7punu 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.472 ms) : 1460, 1483
.   : milestone, 1472,
appsec (3.679 ms) : 3461, 3898
.   : milestone, 3679,
iast (2.186 ms) : 2123, 2248
.   : milestone, 2186,
iast_GLOBAL (2.228 ms) : 2165, 2291
.   : milestone, 2228,
profiling (2.035 ms) : 1985, 2085
.   : milestone, 2035,
tracing (2.002 ms) : 1954, 2051
.   : milestone, 2002,
section candidate
no_agent (1.47 ms) : 1458, 1481
.   : milestone, 1470,
appsec (3.651 ms) : 3432, 3870
.   : milestone, 3651,
iast (2.182 ms) : 2120, 2245
.   : milestone, 2182,
iast_GLOBAL (2.232 ms) : 2169, 2295
.   : milestone, 2232,
profiling (2.038 ms) : 1988, 2089
.   : milestone, 2038,
tracing (2.011 ms) : 1963, 2060
.   : milestone, 2011,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.46 ms, 1.483 ms] -
appsec 3.679 ms [3.461 ms, 3.898 ms] 2.208 ms (150.0%)
iast 2.186 ms [2.123 ms, 2.248 ms] 713.876 µs (48.5%)
iast_GLOBAL 2.228 ms [2.165 ms, 2.291 ms] 756.506 µs (51.4%)
profiling 2.035 ms [1.985 ms, 2.085 ms] 563.567 µs (38.3%)
tracing 2.002 ms [1.954 ms, 2.051 ms] 530.656 µs (36.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.47 ms [1.458 ms, 1.481 ms] -
appsec 3.651 ms [3.432 ms, 3.87 ms] 2.181 ms (148.4%)
iast 2.182 ms [2.12 ms, 2.245 ms] 712.687 µs (48.5%)
iast_GLOBAL 2.232 ms [2.169 ms, 2.295 ms] 762.521 µs (51.9%)
profiling 2.038 ms [1.988 ms, 2.089 ms] 568.687 µs (38.7%)
tracing 2.011 ms [1.963 ms, 2.06 ms] 541.855 µs (36.9%)
Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.1-SNAPSHOT~e0d11ad90a, baseline=1.51.1-SNAPSHOT~2c5960be47
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.646 s) : 15646000, 15646000
.   : milestone, 15646000,
appsec (14.767 s) : 14767000, 14767000
.   : milestone, 14767000,
iast (18.354 s) : 18354000, 18354000
.   : milestone, 18354000,
iast_GLOBAL (17.888 s) : 17888000, 17888000
.   : milestone, 17888000,
profiling (15.224 s) : 15224000, 15224000
.   : milestone, 15224000,
tracing (15.1 s) : 15100000, 15100000
.   : milestone, 15100000,
section candidate
no_agent (14.952 s) : 14952000, 14952000
.   : milestone, 14952000,
appsec (14.923 s) : 14923000, 14923000
.   : milestone, 14923000,
iast (18.746 s) : 18746000, 18746000
.   : milestone, 18746000,
iast_GLOBAL (18.148 s) : 18148000, 18148000
.   : milestone, 18148000,
profiling (15.784 s) : 15784000, 15784000
.   : milestone, 15784000,
tracing (15.067 s) : 15067000, 15067000
.   : milestone, 15067000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.646 s [15.646 s, 15.646 s] -
appsec 14.767 s [14.767 s, 14.767 s] -879.0 ms (-5.6%)
iast 18.354 s [18.354 s, 18.354 s] 2.708 s (17.3%)
iast_GLOBAL 17.888 s [17.888 s, 17.888 s] 2.242 s (14.3%)
profiling 15.224 s [15.224 s, 15.224 s] -422.0 ms (-2.7%)
tracing 15.1 s [15.1 s, 15.1 s] -546.0 ms (-3.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.952 s [14.952 s, 14.952 s] -
appsec 14.923 s [14.923 s, 14.923 s] -29.0 ms (-0.2%)
iast 18.746 s [18.746 s, 18.746 s] 3.794 s (25.4%)
iast_GLOBAL 18.148 s [18.148 s, 18.148 s] 3.196 s (21.4%)
profiling 15.784 s [15.784 s, 15.784 s] 832.0 ms (5.6%)
tracing 15.067 s [15.067 s, 15.067 s] 115.0 ms (0.8%)

@mhlidd mhlidd marked this pull request as ready for review July 26, 2025 01:29
@mhlidd mhlidd requested a review from a team as a code owner July 26, 2025 01:29
@mhlidd mhlidd requested a review from PerfectSlayer July 26, 2025 01:29
@mhlidd mhlidd changed the title Add check to prevent injection of repeated baggage headers Add check to prevent injection of repeated GRPC headers Jul 28, 2025
@mhlidd mhlidd requested a review from PerfectSlayer July 28, 2025 14:25
@mhlidd mhlidd merged commit 6b55bdc into master Jul 30, 2025
504 checks passed
@mhlidd mhlidd deleted the mhlidd/fix_grpc_inject branch July 30, 2025 20:06
@github-actions github-actions bot added this to the 1.52.0 milestone Jul 30, 2025
nayeem-kamal pushed a commit that referenced this pull request Aug 4, 2025
* adding check for repeated baggage

* writing unit tests

* pushing removal of error log

* adding test to verify allowing repeated non-baggage keys to be set

* update GRPC inject to not allow all repeated keys

* final updates

Signed-off-by: Nayeem Kamal <[email protected]>
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Aug 5, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [redis.clients:jedis](https://github.com/redis/jedis) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `6.0.0` -> `6.1.0` |
| [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.59.2` -> `2.60.0` |
| [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.58.2` -> `2.59.0` |
| [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.58.2` -> `2.59.0` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.68.2` -> `2.69.0` |
| [com.squareup.wire](https://github.com/square/wire) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-schema](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-runtime](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-reflector](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-moshi-adapter](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-grpc-client](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.squareup.wire:wire-bom](https://github.com/square/wire) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `5.3.5` -> `5.3.6` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.51.2` -> `1.52.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:regions](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.32.14` -> `2.32.15` |

---

### Release Notes

<details>
<summary>redis/jedis (redis.clients:jedis)</summary>

### [`v6.1.0`](https://github.com/redis/jedis/releases/tag/v6.1.0):
6.1.0

### Changes

#### 🚀 New Features

- Add support for SVS-VAMANA vector indexing
([#4222](redis/jedis#4222))
- Clarify why new stream entries aren't deleted with XDELEX
([#4218](redis/jedis#4218))
- Add support for new stream commands
([#4211](redis/jedis#4211))
- Add Support for New BITOP Operations in Redis 8.2
([#4188](redis/jedis#4188))
([#4190](redis/jedis#4190))
- Add binary stream support for XREAD and XREADGROUP
([#3566](redis/jedis#3566))
([#4152](redis/jedis#4152))
- Run pipeline in current thread if all the keys on same node
([#4149](redis/jedis#4149))

#### 🐛 Bug Fixes

- Restore binary compatibility of SetParams
([#4225](redis/jedis#4225))
- Fix memory leak in JedisClusterInfoCache - replica nodes not cleared
([#4205](redis/jedis#4205))
- Fix:JedisCluster throws NullPointerException when maxAttempts is set
to 0 ([#4186](redis/jedis#4186))

#### 🧰 Maintenance

- DOC-5471 time series doc examples
([#4210](redis/jedis#4210))
- Bump jackson.version from 2.19.1 to 2.19.2
([#4208](redis/jedis#4208))
- Fix flaky test ClientCommandsTest.killSkipmeYesNo
([#4206](redis/jedis#4206))
- Bump org.junit:junit-bom from 5.13.2 to 5.13.3
([#4198](redis/jedis#4198))
- Migrate publishing to Maven Central Portal
([#4199](redis/jedis#4199))
- Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
([#4197](redis/jedis#4197))
- Bump org.junit:junit-bom from 5.13.1 to 5.13.2
([#4192](redis/jedis#4192))
- DOC-5227 added probabilistic data type examples
([#4184](redis/jedis#4184))
- Bump jackson.version from 2.19.0 to 2.19.1
([#4180](redis/jedis#4180))
- Update test infra to use latest Redis
([#4179](redis/jedis#4179))
- Bump org.junit:junit-bom from 5.13.0-RC1 to 5.13.1
([#4174](redis/jedis#4174))
- Bump org.json:json from
[`2025010`](redis/jedis@20250107) to
[`2025051`](redis/jedis@20250517)
([#4171](redis/jedis#4171))
- Bump org.apache.httpcomponents.client5:httpclient5-fluent from 5.4.4
to 5.5 ([#4170](redis/jedis#4170))
- Fix flaky tests in DocumentTest
([#3617](redis/jedis#3617))
- Add retryable command execution example
([#3780](redis/jedis#3780))
- Bump jackson.version from 2.18.3 to 2.19.0
([#4160](redis/jedis#4160))
- Bump com.google.code.gson:gson from 2.12.1 to 2.13.1
([#4161](redis/jedis#4161))

#### Contributors

We'd like to thank all the contributors who worked on this release!

[@219sansim](https://github.com/219sansim),
[@YoHanKi](https://github.com/YoHanKi),
[@andy-stark-redis](https://github.com/andy-stark-redis),
[@ggivo](https://github.com/ggivo),
[@jujn](https://github.com/jujn),
[@thachlp](https://github.com/thachlp),
[@uglide](https://github.com/uglide) and
[@xrayw](https://github.com/xrayw)

</details>

<details>
<summary>googleapis/sdk-platform-java
(com.google.api.grpc:proto-google-common-protos)</summary>

###
[`v2.60.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2600-2025-06-23)

##### Features

- handle auto pagination for BigQuery v2
([#3829](googleapis/sdk-platform-java#3829))
([025c84c](googleapis/sdk-platform-java@025c84c))

##### Dependencies

- update google auth library dependencies to v1.37.1
([#3846](googleapis/sdk-platform-java#3846))
([ea1d9e5](googleapis/sdk-platform-java@ea1d9e5))
- update google http client dependencies to v1.47.1
([#3848](googleapis/sdk-platform-java#3848))
([a9a39d7](googleapis/sdk-platform-java@a9a39d7))

</details>

<details>
<summary>square/wire (com.squareup.wire)</summary>

###
[`v5.3.6`](https://github.com/square/wire/blob/HEAD/CHANGELOG.md#Version-536)

[Compare Source](square/wire@5.3.5...5.3.6)

*2025-08-05*

##### CLI

- New CLI option `--ignore_unused_roots_and_prunes`
([#3354](square/wire#3354))

##### JVM

- Fix: Handle negative hexadecimal in default values
([#3355](square/wire#3355))
- Optimization: Avoid copying of repeated and map types when
mutableTypes are being used
([#3352](square/wire#3352) by \[Rahul
Ravikumar]\[tikurahul])

##### Swift

- Fix: Properly disambiguate OneOf enum if it has the same name as
enclosing type
([#3350](square/wire#3350) by
\[Dimitris Koutsogiorgas]\[dnkoutso])

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.52.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.52.0):
1.52.0

### Components

#### Application Security Management (WAF)

- ✨ Only report ASM\_DD, ASM\_DATA and ASM capabilities when
AppSec is enabled
([#&#8203;9260](DataDog/dd-trace-java#9260) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix NPE in AppSecConfigServiceImpl
([#&#8203;9165](DataDog/dd-trace-java#9165) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix AppSec play.mvc.StatusHeader instrumentation for play 2.6
([#&#8203;9160](DataDog/dd-trace-java#9160) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Build & Tooling

- ✨📖 Automatically register crashtracking via native
extensions
([#&#8203;8851](DataDog/dd-trace-java#8851) -
[@&#8203;MattAlp](https://github.com/MattAlp))

#### Configuration at Runtime

- ✨ Create activation origin config for telemetry
([#&#8203;9064](DataDog/dd-trace-java#9064) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Continuous Integration Visibility

- ✨ Update GitLab provided tags
([#&#8203;9275](DataDog/dd-trace-java#9275) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- 🐛 Fix base branch SHA usage in GitHub Actions
([#&#8203;9257](DataDog/dd-trace-java#9257) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add `ci.job.id` tag
([#&#8203;9256](DataDog/dd-trace-java#9256) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add new org to Weaver instrumentation
([#&#8203;9235](DataDog/dd-trace-java#9235) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano) - thanks
for the contribution!)
- ✨ Improve Git commit info building
([#&#8203;9210](DataDog/dd-trace-java#9210) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update Attempt to Fix to v5
([#&#8203;9145](DataDog/dd-trace-java#9145) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

#### Crash tracking

- ✨📖 Automatically register crashtracking via native
extensions
([#&#8203;8851](DataDog/dd-trace-java#8851) -
[@&#8203;MattAlp](https://github.com/MattAlp))

#### Data Streams Monitoring

- ✨ Reduce DSM CPU overheard
([#&#8203;9151](DataDog/dd-trace-java#9151) -
[@&#8203;kr-igor](https://github.com/kr-igor))
- ✨⚡ DSM optimizations for high throughput scenarios
([#&#8203;9137](DataDog/dd-trace-java#9137) -
[@&#8203;kr-igor](https://github.com/kr-igor))

#### Database Monitoring

- 🐛 Fix duplicate trace injection for SQL Server and Oracle DBM full
propagation mode
([#&#8203;9224](DataDog/dd-trace-java#9224) -
[@&#8203;lu-zhengda](https://github.com/lu-zhengda))

#### Dynamic Instrumentation

- 🐛 Add URI in string primitives
([#&#8203;9285](DataDog/dd-trace-java#9285) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Increase SourceFile tracking max queue size
([#&#8203;9271](DataDog/dd-trace-java#9271) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add capping on SourceFile tracking queue
([#&#8203;9245](DataDog/dd-trace-java#9245) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add third-party filtering in SourceFile tracking
([#&#8203;9205](DataDog/dd-trace-java#9205) -
[@&#8203;jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- ✨ Add methods to capture embedding and retrieval spans
([#&#8203;9297](DataDog/dd-trace-java#9297) -
[@&#8203;nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- ✨ Change primary client stats configuration key
([#9196](DataDog/dd-trace-java#9196) -
[@amarziali](https://github.com/amarziali))
- ✨ Calculate client stats also if the span kind is eligible
([#9157](DataDog/dd-trace-java#9157) -
[@amarziali](https://github.com/amarziali))
- ✨ Backpropagate peer tags
([#9144](DataDog/dd-trace-java#9144) -
[@bric3](https://github.com/bric3))
- 🐛 Make client stats reliable in case of downgrade
([#9136](DataDog/dd-trace-java#9136) -
[@amarziali](https://github.com/amarziali))

#### Platform components

- 🐛 Fix VM options parsing from /proc/fs
([#9255](DataDog/dd-trace-java#9255) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- ✨ Switch profile compression to zstd default
([#9293](DataDog/dd-trace-java#9293) -
[@jbachorik](https://github.com/jbachorik))

- ✨ Bump ddprof to 1.29.0
([#9262](DataDog/dd-trace-java#9262) -
[@zhengyu123](https://github.com/zhengyu123))
  - Potential memory leak and race with the JVMTI wallclock sampler by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#234
  - Downport async-profiler no-allocation changes by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#245
  - Adopt openjdk safefetch by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#246
  - Safe fetch 64-bit value and pointer by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#247
  - Rebase on Async-Profiler 4.1 by
    [@jbachorik](https://github.com/jbachorik) in
    DataDog/java-profiler#252
  - Patch upstream stackWalker.cpp not to fail on unaligned access by
    [@jbachorik](https://github.com/jbachorik) in
    DataDog/java-profiler#218
  - Remap thread id to avoid bitmap contention by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#229
  - Improve performance using Unsafe to activate/deactivate thread filter
    by [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#230
  - Unify context propagation by
    [@zhengyu123](https://github.com/zhengyu123) in
    DataDog/java-profiler#231

- 🐛 Fix the profiler stackdepth setting propagation in recent (22+)
Java versions
([#9130](DataDog/dd-trace-java#9130) -
[@jbachorik](https://github.com/jbachorik))

#### Realtime User Monitoring

- ✨ Wrap servlet original PrintWriter on rum injector
([#9146](DataDog/dd-trace-java#9146) -
[@amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Create activation origin config for telemetry
([#9064](DataDog/dd-trace-java#9064) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Tracer core

- ✨⚡ Reduce span construction overhead by switching to
optimized TagMap
([#8589](DataDog/dd-trace-java#8589) -
[@dougqh](https://github.com/dougqh))
- 🐛 Match Hands Off Config selectors on process\_arguments value
([#9201](DataDog/dd-trace-java#9201) -
[@paullegranddc](https://github.com/paullegranddc))
- ✨ Move JSON generation to sender thread to improve startup
time.
([#9197](DataDog/dd-trace-java#9197) -
[@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- ✨ Improve agent to avoid loading global config on main thread
([#9190](DataDog/dd-trace-java#9190) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ add injection metadata fields to telemetry forwarder
([#9185](DataDog/dd-trace-java#9185) -
[@sydney-tung](https://github.com/sydney-tung))
- 🐛 Avoid race conditions on feature discovery during Writer
creation
([#9173](DataDog/dd-trace-java#9173) -
[@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Surface potential root cause when agent initialization
errors
([#9170](DataDog/dd-trace-java#9170) -
[@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Support adding W3C baggage as span tags
([#9169](DataDog/dd-trace-java#9169) -
[@rachelyangdog](https://github.com/rachelyangdog))
- ✨⚡ Align our default classloader excludes with OTel
([#9161](DataDog/dd-trace-java#9161) -
[@mcculls](https://github.com/mcculls))
- ✨ Backpropagate container tags hash coming from the info
endpoint
([#9156](DataDog/dd-trace-java#9156) -
[@amarziali](https://github.com/amarziali))
- 🐛 Avoid race conditions and multiple agent discovery feature
states
([#9135](DataDog/dd-trace-java#9135) -
[@amarziali](https://github.com/amarziali))

### Instrumentations

#### AWS SDK instrumentation

- ✨ Enhance Service Representation for Serverless
([#9203](DataDog/dd-trace-java#9203) -
[@zarirhamza](https://github.com/zarirhamza))

#### gRPC instrumentation

- 🐛 Add check to prevent injection of repeated GRPC headers
([#9246](DataDog/dd-trace-java#9246) -
[@mhlidd](https://github.com/mhlidd))

#### JDBC instrumentation

- 🐛 Fix duplicate trace injection for SQL Server and Oracle DBM full
propagation mode
([#9224](DataDog/dd-trace-java#9224) -
[@lu-zhengda](https://github.com/lu-zhengda))

#### Play Framework instrumentation

- 🐛 Fix AppSec play.mvc.StatusHeader instrumentation for play 2.6
([#9160](DataDog/dd-trace-java#9160) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 9da36329ffa552291a640381780b608ef6513e29