Add XSS support for Velocity #7546

Merged
merged 7 commits into from
Sep 16, 2024

@Mariovido Mariovido commented Sep 2, 2024

What Does This Do

Adds support for the detection of XSS in the Velocity library

Motivation

Being able to detect XSS in the library of Velocity

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-53841

@Mariovido Mariovido added the comp: asm iast Application Security Management (IAST) label Sep 2, 2024

pr-commenter bot commented Sep 2, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/xss_velocity
git_commit_date 1726223410 1726230798
git_commit_sha d2ff624 d0a640a
release_version 1.40.0-SNAPSHOT~d2ff624132 1.40.0-SNAPSHOT~d0a640a504
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1726233216 1726233216
ci_job_id 638637662 638637662
ci_pipeline_id 44277094 44277094
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.061 s -
Agent appsec 1.193 s 131.323 ms (12.4%)
Agent iast 1.187 s 125.207 ms (11.8%)
Agent profiling 1.267 s 205.217 ms (19.3%)
Total tracing 10.379 s -
Total appsec 10.573 s 194.374 ms (1.9%)
Total iast 10.851 s 472.265 ms (4.6%)
Total profiling 10.549 s 170.573 ms (1.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.072 s -
Agent appsec 1.197 s 124.982 ms (11.7%)
Agent iast 1.189 s 116.778 ms (10.9%)
Agent profiling 1.261 s 189.264 ms (17.7%)
Total tracing 10.407 s -
Total appsec 10.572 s 164.556 ms (1.6%)
Total iast 10.893 s 486.017 ms (4.7%)
Total profiling 10.559 s 151.569 ms (1.5%)
gantt
    title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (677.763 ms) : 0, 677763
BytebuddyAgent [candidate] (684.231 ms) : 0, 684231
GlobalTracer [baseline] (310.006 ms) : 0, 310006
GlobalTracer [candidate] (313.927 ms) : 0, 313927
AppSec [baseline] (51.861 ms) : 0, 51861
AppSec [candidate] (52.148 ms) : 0, 52148
Remote Config [baseline] (710.38 µs) : 0, 710
Remote Config [candidate] (687.184 µs) : 0, 687
Telemetry [baseline] (7.512 ms) : 0, 7512
Telemetry [candidate] (7.447 ms) : 0, 7447
section appsec
BytebuddyAgent [baseline] (697.433 ms) : 0, 697433
BytebuddyAgent [candidate] (699.012 ms) : 0, 699012
GlobalTracer [baseline] (302.165 ms) : 0, 302165
GlobalTracer [candidate] (303.978 ms) : 0, 303978
AppSec [baseline] (160.239 ms) : 0, 160239
AppSec [candidate] (160.056 ms) : 0, 160056
Remote Config [baseline] (643.0 µs) : 0, 643
Remote Config [candidate] (652.375 µs) : 0, 652
Telemetry [baseline] (7.943 ms) : 0, 7943
Telemetry [candidate] (9.047 ms) : 0, 9047
IAST [baseline] (21.525 ms) : 0, 21525
IAST [candidate] (21.532 ms) : 0, 21532
section iast
BytebuddyAgent [baseline] (789.761 ms) : 0, 789761
BytebuddyAgent [candidate] (791.614 ms) : 0, 791614
GlobalTracer [baseline] (298.676 ms) : 0, 298676
GlobalTracer [candidate] (298.578 ms) : 0, 298578
AppSec [baseline] (53.812 ms) : 0, 53812
AppSec [candidate] (53.152 ms) : 0, 53152
Remote Config [baseline] (645.455 µs) : 0, 645
Remote Config [candidate] (617.156 µs) : 0, 617
Telemetry [baseline] (7.342 ms) : 0, 7342
Telemetry [candidate] (7.399 ms) : 0, 7399
IAST [baseline] (22.807 ms) : 0, 22807
IAST [candidate] (23.952 ms) : 0, 23952
section profiling
ProfilingAgent [baseline] (96.134 ms) : 0, 96134
ProfilingAgent [candidate] (96.803 ms) : 0, 96803
BytebuddyAgent [baseline] (676.722 ms) : 0, 676722
BytebuddyAgent [candidate] (672.801 ms) : 0, 672801
GlobalTracer [baseline] (395.012 ms) : 0, 395012
GlobalTracer [candidate] (393.286 ms) : 0, 393286
AppSec [baseline] (52.416 ms) : 0, 52416
AppSec [candidate] (52.405 ms) : 0, 52405
Remote Config [baseline] (707.318 µs) : 0, 707
Remote Config [candidate] (720.101 µs) : 0, 720
Telemetry [baseline] (7.467 ms) : 0, 7467
Telemetry [candidate] (7.469 ms) : 0, 7469
Profiling [baseline] (96.157 ms) : 0, 96157
Profiling [candidate] (96.827 ms) : 0, 96827
Startup time reports for insecure-bank
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.188 s 123.108 ms (11.6%)
Agent iast_HARDCODED_SECRET_DISABLED 1.187 s 122.754 ms (11.5%)
Agent iast_TELEMETRY_OFF 1.192 s 127.768 ms (12.0%)
Total tracing 8.526 s -
Total iast 9.041 s 514.915 ms (6.0%)
Total iast_HARDCODED_SECRET_DISABLED 8.945 s 418.175 ms (4.9%)
Total iast_TELEMETRY_OFF 8.963 s 436.698 ms (5.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.188 s 124.41 ms (11.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.205 s 140.877 ms (13.2%)
Agent iast_TELEMETRY_OFF 1.187 s 122.517 ms (11.5%)
Total tracing 8.512 s -
Total iast 8.957 s 445.152 ms (5.2%)
Total iast_HARDCODED_SECRET_DISABLED 8.999 s 487.383 ms (5.7%)
Total iast_TELEMETRY_OFF 9.004 s 492.323 ms (5.8%)
gantt
    title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (678.163 ms) : 0, 678163
BytebuddyAgent [candidate] (679.516 ms) : 0, 679516
GlobalTracer [baseline] (312.304 ms) : 0, 312304
GlobalTracer [candidate] (310.933 ms) : 0, 310933
AppSec [baseline] (52.154 ms) : 0, 52154
AppSec [candidate] (51.796 ms) : 0, 51796
Remote Config [baseline] (719.957 µs) : 0, 720
Remote Config [candidate] (713.038 µs) : 0, 713
Telemetry [baseline] (7.544 ms) : 0, 7544
Telemetry [candidate] (7.512 ms) : 0, 7512
section iast
BytebuddyAgent [baseline] (791.336 ms) : 0, 791336
BytebuddyAgent [candidate] (791.72 ms) : 0, 791720
GlobalTracer [baseline] (299.244 ms) : 0, 299244
GlobalTracer [candidate] (298.5 ms) : 0, 298500
AppSec [baseline] (53.565 ms) : 0, 53565
AppSec [candidate] (53.856 ms) : 0, 53856
IAST [baseline] (21.742 ms) : 0, 21742
IAST [candidate] (22.693 ms) : 0, 22693
Remote Config [baseline] (635.937 µs) : 0, 636
Remote Config [candidate] (708.293 µs) : 0, 708
Telemetry [baseline] (7.419 ms) : 0, 7419
Telemetry [candidate] (7.352 ms) : 0, 7352
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (790.203 ms) : 0, 790203
BytebuddyAgent [candidate] (803.695 ms) : 0, 803695
GlobalTracer [baseline] (298.776 ms) : 0, 298776
GlobalTracer [candidate] (302.639 ms) : 0, 302639
AppSec [baseline] (54.187 ms) : 0, 54187
AppSec [candidate] (52.266 ms) : 0, 52266
IAST [baseline] (21.712 ms) : 0, 21712
IAST [candidate] (24.62 ms) : 0, 24620
Remote Config [baseline] (601.345 µs) : 0, 601
Remote Config [candidate] (636.761 µs) : 0, 637
Telemetry [baseline] (8.11 ms) : 0, 8110
Telemetry [candidate] (7.395 ms) : 0, 7395
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (792.324 ms) : 0, 792324
BytebuddyAgent [candidate] (788.594 ms) : 0, 788594
GlobalTracer [baseline] (300.993 ms) : 0, 300993
GlobalTracer [candidate] (299.394 ms) : 0, 299394
AppSec [baseline] (52.176 ms) : 0, 52176
AppSec [candidate] (51.922 ms) : 0, 51922
IAST [baseline] (25.109 ms) : 0, 25109
IAST [candidate] (25.085 ms) : 0, 25085
Remote Config [baseline] (603.055 µs) : 0, 603
Remote Config [candidate] (613.186 µs) : 0, 613
Telemetry [baseline] (7.3 ms) : 0, 7300
Telemetry [candidate] (7.321 ms) : 0, 7321

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-09-13T12:44:16 2024-09-13T12:51:05
git_branch master mario.vidal/xss_velocity
git_commit_date 1726223410 1726230798
git_commit_sha d2ff624 d0a640a
release_version 1.40.0-SNAPSHOT~d2ff624132 1.40.0-SNAPSHOT~d0a640a504
start_time 2024-09-13T12:44:03 2024-09-13T12:50:52
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1726232210 1726232210
ci_job_id 638637663 638637663
ci_pipeline_id 44277094 44277094
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.

Request duration reports for petclinic
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.352 ms [1.333 ms, 1.372 ms] -
appsec 1.724 ms [1.701 ms, 1.748 ms] 372.001 µs (27.5%)
appsec_no_iast 1.744 ms [1.72 ms, 1.769 ms] 391.713 µs (29.0%)
iast 1.456 ms [1.434 ms, 1.479 ms] 103.842 µs (7.7%)
profiling 1.485 ms [1.461 ms, 1.51 ms] 132.671 µs (9.8%)
tracing 1.458 ms [1.434 ms, 1.482 ms] 105.467 µs (7.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.329 ms [1.309 ms, 1.349 ms] -
appsec 1.707 ms [1.684 ms, 1.731 ms] 378.278 µs (28.5%)
appsec_no_iast 1.717 ms [1.69 ms, 1.744 ms] 387.696 µs (29.2%)
iast 1.466 ms [1.443 ms, 1.49 ms] 137.288 µs (10.3%)
profiling 1.478 ms [1.455 ms, 1.501 ms] 148.716 µs (11.2%)
tracing 1.469 ms [1.445 ms, 1.492 ms] 139.401 µs (10.5%)
Request duration reports for insecure-bank
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 366.271 µs [346.945 µs, 385.596 µs] -
iast 481.793 µs [459.706 µs, 503.88 µs] 115.523 µs (31.5%)
iast_FULL 553.46 µs [532.202 µs, 574.718 µs] 187.19 µs (51.1%)
iast_GLOBAL 502.466 µs [480.738 µs, 524.194 µs] 136.195 µs (37.2%)
iast_HARDCODED_SECRET_DISABLED 481.225 µs [459.551 µs, 502.899 µs] 114.954 µs (31.4%)
iast_INACTIVE 447.799 µs [426.86 µs, 468.737 µs] 81.528 µs (22.3%)
iast_TELEMETRY_OFF 476.339 µs [453.332 µs, 499.345 µs] 110.068 µs (30.1%)
tracing 431.113 µs [411.217 µs, 451.008 µs] 64.842 µs (17.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 372.49 µs [352.98 µs, 391.999 µs] -
iast 478.994 µs [457.949 µs, 500.039 µs] 106.504 µs (28.6%)
iast_FULL 546.568 µs [525.39 µs, 567.746 µs] 174.078 µs (46.7%)
iast_GLOBAL 508.997 µs [486.0 µs, 531.993 µs] 136.507 µs (36.6%)
iast_HARDCODED_SECRET_DISABLED 480.791 µs [459.821 µs, 501.762 µs] 108.302 µs (29.1%)
iast_INACTIVE 454.429 µs [433.082 µs, 475.776 µs] 81.939 µs (22.0%)
iast_TELEMETRY_OFF 478.227 µs [455.073 µs, 501.382 µs] 105.738 µs (28.4%)
tracing 440.249 µs [419.332 µs, 461.166 µs] 67.759 µs (18.2%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/xss_velocity
git_commit_date 1726223410 1726230798
git_commit_sha d2ff624 d0a640a
release_version 1.40.0-SNAPSHOT~d2ff624132 1.40.0-SNAPSHOT~d0a640a504
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1726232876 1726232876
ci_job_id 638637664 638637664
ci_pipeline_id 44277094 44277094
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.464 ms [1.453 ms, 1.476 ms] -
appsec 2.289 ms [2.249 ms, 2.33 ms] 824.733 µs (56.3%)
iast 2.057 ms [2.007 ms, 2.107 ms] 592.675 µs (40.5%)
iast_GLOBAL 2.107 ms [2.056 ms, 2.158 ms] 642.306 µs (43.9%)
profiling 1.929 ms [1.889 ms, 1.97 ms] 464.752 µs (31.7%)
tracing 1.902 ms [1.863 ms, 1.94 ms] 437.224 µs (29.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.466 ms [1.455 ms, 1.478 ms] -
appsec 2.303 ms [2.262 ms, 2.344 ms] 836.763 µs (57.1%)
iast 2.034 ms [1.986 ms, 2.082 ms] 568.183 µs (38.8%)
iast_GLOBAL 2.093 ms [2.042 ms, 2.144 ms] 626.896 µs (42.8%)
profiling 1.928 ms [1.887 ms, 1.97 ms] 462.335 µs (31.5%)
tracing 1.899 ms [1.861 ms, 1.938 ms] 433.336 µs (29.6%)
Execution time for biojava
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.079 s [15.079 s, 15.079 s] -
appsec 15.27 s [15.27 s, 15.27 s] 191.0 ms (1.3%)
iast 19.228 s [19.228 s, 19.228 s] 4.149 s (27.5%)
iast_GLOBAL 18.028 s [18.028 s, 18.028 s] 2.949 s (19.6%)
profiling 15.252 s [15.252 s, 15.252 s] 173.0 ms (1.1%)
tracing 15.181 s [15.181 s, 15.181 s] 102.0 ms (0.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.071 s [15.071 s, 15.071 s] -
appsec 15.036 s [15.036 s, 15.036 s] -35.0 ms (-0.2%)
iast 19.166 s [19.166 s, 19.166 s] 4.095 s (27.2%)
iast_GLOBAL 18.445 s [18.445 s, 18.445 s] 3.374 s (22.4%)
profiling 15.663 s [15.663 s, 15.663 s] 592.0 ms (3.9%)
tracing 15.121 s [15.121 s, 15.121 s] 50.0 ms (0.3%)

@Mariovido Mariovido marked this pull request as ready for review September 4, 2024 09:17
@Mariovido Mariovido requested review from a team as code owners September 4, 2024 09:17

@jandro996 jandro996 left a comment

LGTM!

@Mariovido Mariovido merged commit 3f5051e into master Sep 16, 2024
98 checks passed
@Mariovido Mariovido deleted the mario.vidal/xss_velocity branch September 16, 2024 08:11
@github-actions github-actions bot added this to the 1.40.0 milestone Sep 16, 2024