Extend support for SSRF in exploit prevention #7376

Merged
merged 16 commits into from
Nov 20, 2024


jandro996
Member

@jandro996 jandro996 commented Aug 1, 2024

What Does This Do

  • Add SSRF exploit prevention check to HttpClientDecorator
  • Modify http client instrumentations that rely on CallDepthThreadLocalMap to avoid issues with blocking exception (only blocks the first time) -> Fix call depth counter for sqli blocking #7522
  • Add smoke tests for other libraries

Motivation

Improve Exploit prevention for SSRF coverage

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-54958


pr-commenter bot commented Aug 1, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rasp-jackson-ssrf
git_commit_date 1732097406 1732104482
git_commit_sha e5aa8fa cfdcf8c
release_version 1.43.0-SNAPSHOT~e5aa8fa019 1.43.0-SNAPSHOT~cfdcf8c525
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732106955 1732106955
ci_job_id 713633998 713633998
ci_pipeline_id 49485020 49485020
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: tracing, appsec, iast, profiling]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.093 s -
Agent appsec 1.228 s 135.133 ms (12.4%)
Agent iast 1.215 s 122.153 ms (11.2%)
Agent profiling 1.287 s 194.234 ms (17.8%)
Total tracing 10.468 s -
Total appsec 10.805 s 336.654 ms (3.2%)
Total iast 10.93 s 461.614 ms (4.4%)
Total profiling 10.866 s 397.574 ms (3.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.095 s -
Agent appsec 1.223 s 128.293 ms (11.7%)
Agent iast 1.215 s 120.407 ms (11.0%)
Agent profiling 1.29 s 195.289 ms (17.8%)
Total tracing 10.447 s -
Total appsec 10.744 s 296.437 ms (2.8%)
Total iast 10.999 s 551.9 ms (5.3%)
Total profiling 10.876 s 428.383 ms (4.1%)
[Gantt chart: petclinic - break down per module: candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: tracing, appsec, iast, profiling]
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.093 s -
Agent iast 1.226 s 132.735 ms (12.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.216 s 123.215 ms (11.3%)
Agent iast_TELEMETRY_OFF 1.22 s 126.766 ms (11.6%)
Total tracing 8.679 s -
Total iast 9.19 s 511.347 ms (5.9%)
Total iast_HARDCODED_SECRET_DISABLED 9.179 s 499.638 ms (5.8%)
Total iast_TELEMETRY_OFF 9.159 s 479.93 ms (5.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.086 s -
Agent iast 1.217 s 130.959 ms (12.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.217 s 130.983 ms (12.1%)
Agent iast_TELEMETRY_OFF 1.212 s 125.876 ms (11.6%)
Total tracing 8.651 s -
Total iast 9.185 s 533.598 ms (6.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.188 s 536.853 ms (6.2%)
Total iast_TELEMETRY_OFF 9.18 s 528.5 ms (6.1%)
[Gantt chart: insecure-bank - break down per module: candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-11-20T12:17:06 2024-11-20T12:24:06
git_branch master alejandro.gonzalez/rasp-jackson-ssrf
git_commit_date 1732097406 1732104482
git_commit_sha e5aa8fa cfdcf8c
release_version 1.43.0-SNAPSHOT~e5aa8fa019 1.43.0-SNAPSHOT~cfdcf8c525
start_time 2024-11-20T12:16:53 2024-11-20T12:23:53
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732105798 1732105798
ci_job_id 713633999 713633999
ci_pipeline_id 49485020 49485020
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 17 unstable metrics.

scenario: scenario:load:petclinic:profiling
  • Δ mean http_req_duration: better, [-99.168µs; -47.539µs] or [-6.246%; -2.994%]
  • Δ mean throughput: unstable, [-434.168op/s; +662.088op/s] or [-14.653%; +22.345%]
  • candidate mean http_req_duration: 1.514ms
  • candidate mean throughput: 3076.923op/s
  • baseline mean http_req_duration: 1.588ms
  • baseline mean throughput: 2962.963op/s
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: baseline, candidate]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.352 ms [1.331 ms, 1.372 ms] -
appsec 1.775 ms [1.751 ms, 1.8 ms] 423.876 µs (31.4%)
appsec_no_iast 1.763 ms [1.739 ms, 1.788 ms] 411.716 µs (30.5%)
iast 1.511 ms [1.488 ms, 1.534 ms] 159.539 µs (11.8%)
profiling 1.588 ms [1.564 ms, 1.612 ms] 236.231 µs (17.5%)
tracing 1.495 ms [1.471 ms, 1.52 ms] 143.781 µs (10.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.333 ms [1.313 ms, 1.353 ms] -
appsec 1.749 ms [1.724 ms, 1.774 ms] 415.566 µs (31.2%)
appsec_no_iast 1.752 ms [1.728 ms, 1.776 ms] 418.945 µs (31.4%)
iast 1.503 ms [1.481 ms, 1.526 ms] 170.413 µs (12.8%)
profiling 1.514 ms [1.491 ms, 1.538 ms] 181.329 µs (13.6%)
tracing 1.495 ms [1.471 ms, 1.519 ms] 161.498 µs (12.1%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: baseline, candidate]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 373.772 µs [354.063 µs, 393.48 µs] -
iast 486.579 µs [465.165 µs, 507.993 µs] 112.807 µs (30.2%)
iast_FULL 647.422 µs [625.865 µs, 668.979 µs] 273.651 µs (73.2%)
iast_GLOBAL 518.016 µs [496.675 µs, 539.356 µs] 144.244 µs (38.6%)
iast_HARDCODED_SECRET_DISABLED 490.808 µs [469.525 µs, 512.09 µs] 117.036 µs (31.3%)
iast_INACTIVE 453.526 µs [431.806 µs, 475.246 µs] 79.754 µs (21.3%)
iast_TELEMETRY_OFF 476.27 µs [454.651 µs, 497.888 µs] 102.498 µs (27.4%)
tracing 443.477 µs [422.929 µs, 464.025 µs] 69.705 µs (18.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 375.589 µs [355.966 µs, 395.212 µs] -
iast 490.827 µs [469.449 µs, 512.205 µs] 115.238 µs (30.7%)
iast_FULL 648.212 µs [626.766 µs, 669.658 µs] 272.623 µs (72.6%)
iast_GLOBAL 514.371 µs [492.43 µs, 536.312 µs] 138.782 µs (37.0%)
iast_HARDCODED_SECRET_DISABLED 484.774 µs [463.446 µs, 506.102 µs] 109.185 µs (29.1%)
iast_INACTIVE 459.056 µs [437.368 µs, 480.744 µs] 83.467 µs (22.2%)
iast_TELEMETRY_OFF 481.701 µs [459.996 µs, 503.406 µs] 106.112 µs (28.3%)
tracing 449.185 µs [427.112 µs, 471.259 µs] 73.596 µs (19.6%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rasp-jackson-ssrf
git_commit_date 1732097406 1732104482
git_commit_sha e5aa8fa cfdcf8c
release_version 1.43.0-SNAPSHOT~e5aa8fa019 1.43.0-SNAPSHOT~cfdcf8c525
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1732106482 1732106482
ci_job_id 713634000 713634000
ci_pipeline_id 49485020 49485020
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: baseline, candidate]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.967 s [14.967 s, 14.967 s] -
appsec 15.069 s [15.069 s, 15.069 s] 102.0 ms (0.7%)
iast 18.835 s [18.835 s, 18.835 s] 3.868 s (25.8%)
iast_GLOBAL 18.208 s [18.208 s, 18.208 s] 3.241 s (21.7%)
profiling 14.936 s [14.936 s, 14.936 s] -31.0 ms (-0.2%)
tracing 15.012 s [15.012 s, 15.012 s] 45.0 ms (0.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.273 s [15.273 s, 15.273 s] -
appsec 15.163 s [15.163 s, 15.163 s] -110.0 ms (-0.7%)
iast 19.017 s [19.017 s, 19.017 s] 3.744 s (24.5%)
iast_GLOBAL 17.97 s [17.97 s, 17.97 s] 2.697 s (17.7%)
profiling 14.811 s [14.811 s, 14.811 s] -462.0 ms (-3.0%)
tracing 14.713 s [14.713 s, 14.713 s] -560.0 ms (-3.7%)
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019; sections: baseline, candidate]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.464 ms [1.453 ms, 1.476 ms] -
appsec 2.323 ms [2.282 ms, 2.364 ms] 859.161 µs (58.7%)
iast 2.071 ms [2.019 ms, 2.123 ms] 607.16 µs (41.5%)
iast_GLOBAL 2.113 ms [2.061 ms, 2.166 ms] 649.236 µs (44.3%)
profiling 1.946 ms [1.903 ms, 1.989 ms] 482.213 µs (32.9%)
tracing 1.916 ms [1.876 ms, 1.956 ms] 451.517 µs (30.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.465 ms [1.454 ms, 1.477 ms] -
appsec 2.324 ms [2.283 ms, 2.365 ms] 858.68 µs (58.6%)
iast 2.074 ms [2.022 ms, 2.126 ms] 608.549 µs (41.5%)
iast_GLOBAL 2.12 ms [2.067 ms, 2.172 ms] 654.475 µs (44.7%)
profiling 1.923 ms [1.882 ms, 1.964 ms] 457.481 µs (31.2%)
tracing 1.909 ms [1.87 ms, 1.949 ms] 443.999 µs (30.3%)

@jandro996 jandro996 force-pushed the alejandro.gonzalez/rasp-jackson-ssrf branch 2 times, most recently from e3abcf7 to 0fd33ba Compare August 2, 2024 08:44
@jandro996 jandro996 marked this pull request as ready for review August 2, 2024 09:36
@jandro996 jandro996 requested review from a team as code owners August 2, 2024 09:36
@jandro996 jandro996 marked this pull request as draft August 2, 2024 09:44
@smola smola added the comp: asm waf Application Security Management (WAF) label Aug 5, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/rasp-ssrf-with-url branch 6 times, most recently from 9920b1c to 16a7bf8 Compare August 14, 2024 08:49
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/rasp-ssrf-with-url branch 4 times, most recently from be799c5 to 9dc7948 Compare August 16, 2024 11:49
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rasp-jackson-ssrf branch from 66da118 to 971fabe Compare August 19, 2024 10:30
Base automatically changed from malvarez/rasp-ssrf-with-url to master August 22, 2024 07:04
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rasp-jackson-ssrf branch from fc764ee to a2295f9 Compare August 22, 2024 07:18
@jandro996 jandro996 marked this pull request as ready for review August 22, 2024 09:46
@jandro996 jandro996 marked this pull request as draft August 27, 2024 10:14
Base automatically changed from malvarez/blocking-exception-handler to master October 29, 2024 12:37
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rasp-jackson-ssrf branch 2 times, most recently from 85bd34a to 4f6a0c9 Compare November 6, 2024 10:01
@jandro996 jandro996 marked this pull request as ready for review November 7, 2024 11:33
@jandro996 jandro996 requested a review from a team as a code owner November 11, 2024 10:44
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rasp-jackson-ssrf branch from 647970a to 001d4fc Compare November 11, 2024 10:45
settings.gradle (outdated review thread, resolved)
@@ -175,6 +185,48 @@ public long getResponseContentLength(final RESPONSE response) {
return 0;
}

private void onNetworkConnection(final String networkConnection) {
if (!Config.get().isAppSecRaspEnabled()) {
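
Review bot: `onNetworkConnection(final String networkConnection)` has no Javadoc, and the parameter name does not say whether the string is a full URL, a bare host, or host:port. The method is gated on `isAppSecRaspEnabled()`, so this string is presumably the value the exploit prevention check inspects; please document the expected form on the method and state how a null or empty argument is handled, so each http client instrumentation that calls it passes the same thing.
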
Collaborator

nit: you can cache it statically (the counterpart is that you need forkedtests)

@jandro996 jandro996 merged commit f4163fa into master Nov 20, 2024
102 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/rasp-jackson-ssrf branch November 20, 2024 13:45
@github-actions github-actions bot added this to the 1.43.0 milestone Nov 20, 2024
Labels
comp: asm waf Application Security Management (WAF)
5 participants