Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for session fingerprints to the WAF #7591

Merged
merged 3 commits into from
Sep 19, 2024

Conversation

manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Sep 10, 2024

What Does This Do

Add support for tracking the requested session ids for those frameworks supporting sessions. It also adds required WAF with the session ids to be able to generate session fingerprints.

Motivation

Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user.

Additional Notes

See original RFC

Contributor Checklist

Jira ticket: APPSEC-54838

@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm waf Application Security Management (WAF) label Sep 10, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez changed the base branch from master to malvarez/appsec-reactor-event-tracker September 10, 2024 09:07
new BlockingDetails(403, BlockingContentType.JSON, ['X-Header': 'X-Header-Value']) :
null
}
@Override
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of formatting changes here. Did spotless do this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, just tried to undo all changes but got:

Execution failed for task ':dd-java-agent:testing:spotlessGroovyCheck'.
> The following files had format violations:
      src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy

@pr-commenter
Copy link

pr-commenter bot commented Sep 11, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-session-fingerprint
git_commit_date 1726677448 1726688377
git_commit_sha da9ecfb fff9d35
release_version 1.40.0-SNAPSHOT~da9ecfbbcd 1.40.0-SNAPSHOT~fff9d3586c
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1726690784 1726690784
ci_job_id 644127293 644127293
ci_pipeline_id 44630248 44630248
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 49 metrics, 13 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:profiling:AppSec worse
[+1.280ms; +2.777ms] or [+2.414%; +5.235%]
55.082ms 53.053ms
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1075001
Total [baseline] (10.448 s) : 0, 10447636
Agent [candidate] (1.064 s) : 0, 1064112
Total [candidate] (10.412 s) : 0, 10412471
section appsec
Agent [baseline] (1.197 s) : 0, 1197492
Total [baseline] (10.617 s) : 0, 10617124
Agent [candidate] (1.206 s) : 0, 1206479
Total [candidate] (10.61 s) : 0, 10610115
section iast
Agent [baseline] (1.189 s) : 0, 1188859
Total [baseline] (10.808 s) : 0, 10807826
Agent [candidate] (1.189 s) : 0, 1188768
Total [candidate] (10.854 s) : 0, 10854171
section profiling
Agent [baseline] (1.261 s) : 0, 1260750
Total [baseline] (10.604 s) : 0, 10603775
Agent [candidate] (1.268 s) : 0, 1268251
Total [candidate] (10.632 s) : 0, 10632069
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.197 s 122.49 ms (11.4%)
Agent iast 1.189 s 113.857 ms (10.6%)
Agent profiling 1.261 s 185.748 ms (17.3%)
Total tracing 10.448 s -
Total appsec 10.617 s 169.488 ms (1.6%)
Total iast 10.808 s 360.189 ms (3.4%)
Total profiling 10.604 s 156.138 ms (1.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent appsec 1.206 s 142.368 ms (13.4%)
Agent iast 1.189 s 124.656 ms (11.7%)
Agent profiling 1.268 s 204.14 ms (19.2%)
Total tracing 10.412 s -
Total appsec 10.61 s 197.644 ms (1.9%)
Total iast 10.854 s 441.701 ms (4.2%)
Total profiling 10.632 s 219.598 ms (2.1%)
gantt
    title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.934 ms) : 0, 687934
BytebuddyAgent [candidate] (678.836 ms) : 0, 678836
GlobalTracer [baseline] (312.372 ms) : 0, 312372
GlobalTracer [candidate] (309.853 ms) : 0, 309853
AppSec [baseline] (52.731 ms) : 0, 52731
AppSec [candidate] (53.523 ms) : 0, 53523
Remote Config [baseline] (677.376 µs) : 0, 677
Remote Config [candidate] (661.44 µs) : 0, 661
Telemetry [baseline] (7.506 ms) : 0, 7506
Telemetry [candidate] (7.578 ms) : 0, 7578
section appsec
BytebuddyAgent [baseline] (699.98 ms) : 0, 699980
BytebuddyAgent [candidate] (705.37 ms) : 0, 705370
GlobalTracer [baseline] (302.776 ms) : 0, 302776
GlobalTracer [candidate] (304.685 ms) : 0, 304685
AppSec [baseline] (162.362 ms) : 0, 162362
AppSec [candidate] (162.654 ms) : 0, 162654
IAST [baseline] (20.382 ms) : 0, 20382
IAST [candidate] (19.943 ms) : 0, 19943
Remote Config [baseline] (624.034 µs) : 0, 624
Remote Config [candidate] (641.187 µs) : 0, 641
Telemetry [baseline] (7.993 ms) : 0, 7993
Telemetry [candidate] (9.47 ms) : 0, 9470
section iast
BytebuddyAgent [baseline] (791.303 ms) : 0, 791303
BytebuddyAgent [candidate] (790.267 ms) : 0, 790267
GlobalTracer [baseline] (298.248 ms) : 0, 298248
GlobalTracer [candidate] (298.591 ms) : 0, 298591
AppSec [baseline] (54.94 ms) : 0, 54940
AppSec [candidate] (54.737 ms) : 0, 54737
IAST [baseline] (22.832 ms) : 0, 22832
IAST [candidate] (23.622 ms) : 0, 23622
Remote Config [baseline] (615.92 µs) : 0, 616
Remote Config [candidate] (602.388 µs) : 0, 602
Telemetry [baseline] (7.33 ms) : 0, 7330
Telemetry [candidate] (7.327 ms) : 0, 7327
section profiling
BytebuddyAgent [baseline] (671.725 ms) : 0, 671725
BytebuddyAgent [candidate] (673.692 ms) : 0, 673692
GlobalTracer [baseline] (393.51 ms) : 0, 393510
GlobalTracer [candidate] (395.627 ms) : 0, 395627
AppSec [baseline] (53.053 ms) : 0, 53053
AppSec [candidate] (55.082 ms) : 0, 55082
Remote Config [baseline] (661.816 µs) : 0, 662
Remote Config [candidate] (661.513 µs) : 0, 662
Telemetry [baseline] (7.354 ms) : 0, 7354
Telemetry [candidate] (7.479 ms) : 0, 7479
ProfilingAgent [baseline] (96.473 ms) : 0, 96473
ProfilingAgent [candidate] (97.592 ms) : 0, 97592
Profiling [baseline] (96.497 ms) : 0, 96497
Profiling [candidate] (97.616 ms) : 0, 97616
Loading
Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.071 s) : 0, 1071279
Total [baseline] (8.595 s) : 0, 8594838
Agent [candidate] (1.072 s) : 0, 1072490
Total [candidate] (8.54 s) : 0, 8540080
section iast
Agent [baseline] (1.189 s) : 0, 1189115
Total [baseline] (9.044 s) : 0, 9043900
Agent [candidate] (1.19 s) : 0, 1190178
Total [candidate] (8.993 s) : 0, 8993080
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.196 s) : 0, 1195904
Total [baseline] (9.012 s) : 0, 9012210
Agent [candidate] (1.196 s) : 0, 1195999
Total [candidate] (8.984 s) : 0, 8983768
section iast_TELEMETRY_OFF
Agent [baseline] (1.196 s) : 0, 1196058
Total [baseline] (9.011 s) : 0, 9011275
Agent [candidate] (1.195 s) : 0, 1195330
Total [candidate] (9.006 s) : 0, 9005998
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.071 s -
Agent iast 1.189 s 117.836 ms (11.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.196 s 124.625 ms (11.6%)
Agent iast_TELEMETRY_OFF 1.196 s 124.779 ms (11.6%)
Total tracing 8.595 s -
Total iast 9.044 s 449.063 ms (5.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.012 s 417.373 ms (4.9%)
Total iast_TELEMETRY_OFF 9.011 s 416.437 ms (4.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.072 s -
Agent iast 1.19 s 117.688 ms (11.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.196 s 123.509 ms (11.5%)
Agent iast_TELEMETRY_OFF 1.195 s 122.84 ms (11.5%)
Total tracing 8.54 s -
Total iast 8.993 s 453.0 ms (5.3%)
Total iast_HARDCODED_SECRET_DISABLED 8.984 s 443.688 ms (5.2%)
Total iast_TELEMETRY_OFF 9.006 s 465.917 ms (5.5%)
gantt
    title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.729 ms) : 0, 683729
BytebuddyAgent [candidate] (684.631 ms) : 0, 684631
GlobalTracer [baseline] (312.43 ms) : 0, 312430
GlobalTracer [candidate] (311.945 ms) : 0, 311945
AppSec [baseline] (53.198 ms) : 0, 53198
AppSec [candidate] (53.975 ms) : 0, 53975
Remote Config [baseline] (676.382 µs) : 0, 676
Remote Config [candidate] (655.486 µs) : 0, 655
Telemetry [baseline] (7.523 ms) : 0, 7523
Telemetry [candidate] (7.558 ms) : 0, 7558
section iast
BytebuddyAgent [baseline] (791.245 ms) : 0, 791245
BytebuddyAgent [candidate] (791.692 ms) : 0, 791692
GlobalTracer [baseline] (298.097 ms) : 0, 298097
GlobalTracer [candidate] (298.727 ms) : 0, 298727
AppSec [baseline] (51.015 ms) : 0, 51015
AppSec [candidate] (53.16 ms) : 0, 53160
Remote Config [baseline] (660.893 µs) : 0, 661
Remote Config [candidate] (668.987 µs) : 0, 669
Telemetry [baseline] (7.331 ms) : 0, 7331
Telemetry [candidate] (7.28 ms) : 0, 7280
IAST [baseline] (27.159 ms) : 0, 27159
IAST [candidate] (25.012 ms) : 0, 25012
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (797.119 ms) : 0, 797119
BytebuddyAgent [candidate] (795.837 ms) : 0, 795837
GlobalTracer [baseline] (299.918 ms) : 0, 299918
GlobalTracer [candidate] (300.712 ms) : 0, 300712
AppSec [baseline] (52.611 ms) : 0, 52611
AppSec [candidate] (55.857 ms) : 0, 55857
Remote Config [baseline] (638.026 µs) : 0, 638
Remote Config [candidate] (609.556 µs) : 0, 610
Telemetry [baseline] (7.387 ms) : 0, 7387
Telemetry [candidate] (7.363 ms) : 0, 7363
IAST [baseline] (24.504 ms) : 0, 24504
IAST [candidate] (21.91 ms) : 0, 21910
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (795.214 ms) : 0, 795214
BytebuddyAgent [candidate] (793.76 ms) : 0, 793760
GlobalTracer [baseline] (301.404 ms) : 0, 301404
GlobalTracer [candidate] (301.016 ms) : 0, 301016
AppSec [baseline] (54.447 ms) : 0, 54447
AppSec [candidate] (54.863 ms) : 0, 54863
Remote Config [baseline] (625.495 µs) : 0, 625
Remote Config [candidate] (617.813 µs) : 0, 618
Telemetry [baseline] (8.143 ms) : 0, 8143
Telemetry [candidate] (7.272 ms) : 0, 7272
IAST [baseline] (22.453 ms) : 0, 22453
IAST [candidate] (24.138 ms) : 0, 24138
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-09-18T19:50:20 2024-09-18T19:57:11
git_branch master malvarez/waf-session-fingerprint
git_commit_date 1726677448 1726688377
git_commit_sha da9ecfb fff9d35
release_version 1.40.0-SNAPSHOT~da9ecfbbcd 1.40.0-SNAPSHOT~fff9d3586c
start_time 2024-09-18T19:50:07 2024-09-18T19:56:58
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1726689777 1726689777
ci_job_id 644127294 644127294
ci_pipeline_id 44630248 44630248
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.344 ms) : 1325, 1364
.   : milestone, 1344,
appsec (1.722 ms) : 1697, 1747
.   : milestone, 1722,
appsec_no_iast (1.717 ms) : 1692, 1742
.   : milestone, 1717,
iast (1.469 ms) : 1446, 1492
.   : milestone, 1469,
profiling (1.495 ms) : 1471, 1520
.   : milestone, 1495,
tracing (1.463 ms) : 1438, 1488
.   : milestone, 1463,
section candidate
no_agent (1.333 ms) : 1313, 1354
.   : milestone, 1333,
appsec (1.724 ms) : 1699, 1748
.   : milestone, 1724,
appsec_no_iast (1.71 ms) : 1685, 1736
.   : milestone, 1710,
iast (1.455 ms) : 1433, 1478
.   : milestone, 1455,
profiling (1.502 ms) : 1476, 1528
.   : milestone, 1502,
tracing (1.447 ms) : 1422, 1471
.   : milestone, 1447,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.344 ms [1.325 ms, 1.364 ms] -
appsec 1.722 ms [1.697 ms, 1.747 ms] 377.784 µs (28.1%)
appsec_no_iast 1.717 ms [1.692 ms, 1.742 ms] 373.075 µs (27.8%)
iast 1.469 ms [1.446 ms, 1.492 ms] 124.818 µs (9.3%)
profiling 1.495 ms [1.471 ms, 1.52 ms] 151.367 µs (11.3%)
tracing 1.463 ms [1.438 ms, 1.488 ms] 119.086 µs (8.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.333 ms [1.313 ms, 1.354 ms] -
appsec 1.724 ms [1.699 ms, 1.748 ms] 390.099 µs (29.3%)
appsec_no_iast 1.71 ms [1.685 ms, 1.736 ms] 376.909 µs (28.3%)
iast 1.455 ms [1.433 ms, 1.478 ms] 121.791 µs (9.1%)
profiling 1.502 ms [1.476 ms, 1.528 ms] 168.432 µs (12.6%)
tracing 1.447 ms [1.422 ms, 1.471 ms] 113.182 µs (8.5%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd
    dateFormat X
    axisFormat %s
section baseline
no_agent (370.091 µs) : 350, 390
.   : milestone, 370,
iast (481.859 µs) : 461, 503
.   : milestone, 482,
iast_FULL (560.006 µs) : 538, 582
.   : milestone, 560,
iast_GLOBAL (507.353 µs) : 486, 529
.   : milestone, 507,
iast_HARDCODED_SECRET_DISABLED (488.094 µs) : 467, 509
.   : milestone, 488,
iast_INACTIVE (446.978 µs) : 426, 468
.   : milestone, 447,
iast_TELEMETRY_OFF (482.642 µs) : 459, 506
.   : milestone, 483,
tracing (444.828 µs) : 424, 466
.   : milestone, 445,
section candidate
no_agent (369.636 µs) : 350, 389
.   : milestone, 370,
iast (480.654 µs) : 459, 502
.   : milestone, 481,
iast_FULL (558.091 µs) : 537, 579
.   : milestone, 558,
iast_GLOBAL (507.163 µs) : 486, 529
.   : milestone, 507,
iast_HARDCODED_SECRET_DISABLED (482.145 µs) : 461, 504
.   : milestone, 482,
iast_INACTIVE (449.788 µs) : 428, 471
.   : milestone, 450,
iast_TELEMETRY_OFF (474.749 µs) : 452, 497
.   : milestone, 475,
tracing (443.404 µs) : 423, 464
.   : milestone, 443,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 370.091 µs [350.114 µs, 390.068 µs] -
iast 481.859 µs [460.916 µs, 502.801 µs] 111.768 µs (30.2%)
iast_FULL 560.006 µs [538.487 µs, 581.525 µs] 189.915 µs (51.3%)
iast_GLOBAL 507.353 µs [485.794 µs, 528.912 µs] 137.262 µs (37.1%)
iast_HARDCODED_SECRET_DISABLED 488.094 µs [466.729 µs, 509.46 µs] 118.003 µs (31.9%)
iast_INACTIVE 446.978 µs [425.825 µs, 468.131 µs] 76.887 µs (20.8%)
iast_TELEMETRY_OFF 482.642 µs [459.491 µs, 505.792 µs] 112.551 µs (30.4%)
tracing 444.828 µs [423.849 µs, 465.807 µs] 74.737 µs (20.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 369.636 µs [350.496 µs, 388.776 µs] -
iast 480.654 µs [459.498 µs, 501.811 µs] 111.019 µs (30.0%)
iast_FULL 558.091 µs [536.756 µs, 579.425 µs] 188.455 µs (51.0%)
iast_GLOBAL 507.163 µs [485.709 µs, 528.618 µs] 137.528 µs (37.2%)
iast_HARDCODED_SECRET_DISABLED 482.145 µs [460.641 µs, 503.648 µs] 112.509 µs (30.4%)
iast_INACTIVE 449.788 µs [428.291 µs, 471.286 µs] 80.153 µs (21.7%)
iast_TELEMETRY_OFF 474.749 µs [452.132 µs, 497.366 µs] 105.113 µs (28.4%)
tracing 443.404 µs [422.728 µs, 464.079 µs] 73.768 µs (20.0%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-session-fingerprint
git_commit_date 1726677448 1726688377
git_commit_sha da9ecfb fff9d35
release_version 1.40.0-SNAPSHOT~da9ecfbbcd 1.40.0-SNAPSHOT~fff9d3586c
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1726690293 1726690293
ci_job_id 644127295 644127295
ci_pipeline_id 44630248 44630248
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.461 ms) : 1449, 1472
.   : milestone, 1461,
appsec (2.276 ms) : 2236, 2316
.   : milestone, 2276,
iast (2.045 ms) : 1995, 2095
.   : milestone, 2045,
iast_GLOBAL (2.085 ms) : 2035, 2135
.   : milestone, 2085,
profiling (2.366 ms) : 2127, 2604
.   : milestone, 2366,
tracing (1.903 ms) : 1865, 1941
.   : milestone, 1903,
section candidate
no_agent (1.466 ms) : 1454, 1477
.   : milestone, 1466,
appsec (2.317 ms) : 2276, 2358
.   : milestone, 2317,
iast (2.046 ms) : 1996, 2096
.   : milestone, 2046,
iast_GLOBAL (2.084 ms) : 2033, 2135
.   : milestone, 2084,
profiling (1.93 ms) : 1889, 1970
.   : milestone, 1930,
tracing (1.895 ms) : 1856, 1934
.   : milestone, 1895,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.461 ms [1.449 ms, 1.472 ms] -
appsec 2.276 ms [2.236 ms, 2.316 ms] 815.28 µs (55.8%)
iast 2.045 ms [1.995 ms, 2.095 ms] 583.815 µs (40.0%)
iast_GLOBAL 2.085 ms [2.035 ms, 2.135 ms] 624.122 µs (42.7%)
profiling 2.366 ms [2.127 ms, 2.604 ms] 904.751 µs (61.9%)
tracing 1.903 ms [1.865 ms, 1.941 ms] 442.107 µs (30.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.466 ms [1.454 ms, 1.477 ms] -
appsec 2.317 ms [2.276 ms, 2.358 ms] 851.601 µs (58.1%)
iast 2.046 ms [1.996 ms, 2.096 ms] 580.124 µs (39.6%)
iast_GLOBAL 2.084 ms [2.033 ms, 2.135 ms] 618.241 µs (42.2%)
profiling 1.93 ms [1.889 ms, 1.97 ms] 463.929 µs (31.7%)
tracing 1.895 ms [1.856 ms, 1.934 ms] 429.101 µs (29.3%)
Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.228 s) : 15228000, 15228000
.   : milestone, 15228000,
appsec (15.216 s) : 15216000, 15216000
.   : milestone, 15216000,
iast (18.813 s) : 18813000, 18813000
.   : milestone, 18813000,
iast_GLOBAL (17.976 s) : 17976000, 17976000
.   : milestone, 17976000,
profiling (15.78 s) : 15780000, 15780000
.   : milestone, 15780000,
tracing (15.391 s) : 15391000, 15391000
.   : milestone, 15391000,
section candidate
no_agent (15.536 s) : 15536000, 15536000
.   : milestone, 15536000,
appsec (15.484 s) : 15484000, 15484000
.   : milestone, 15484000,
iast (18.634 s) : 18634000, 18634000
.   : milestone, 18634000,
iast_GLOBAL (17.947 s) : 17947000, 17947000
.   : milestone, 17947000,
profiling (14.929 s) : 14929000, 14929000
.   : milestone, 14929000,
tracing (15.143 s) : 15143000, 15143000
.   : milestone, 15143000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.228 s [15.228 s, 15.228 s] -
appsec 15.216 s [15.216 s, 15.216 s] -12.0 ms (-0.1%)
iast 18.813 s [18.813 s, 18.813 s] 3.585 s (23.5%)
iast_GLOBAL 17.976 s [17.976 s, 17.976 s] 2.748 s (18.0%)
profiling 15.78 s [15.78 s, 15.78 s] 552.0 ms (3.6%)
tracing 15.391 s [15.391 s, 15.391 s] 163.0 ms (1.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.536 s [15.536 s, 15.536 s] -
appsec 15.484 s [15.484 s, 15.484 s] -52.0 ms (-0.3%)
iast 18.634 s [18.634 s, 18.634 s] 3.098 s (19.9%)
iast_GLOBAL 17.947 s [17.947 s, 17.947 s] 2.411 s (15.5%)
profiling 14.929 s [14.929 s, 14.929 s] -607.0 ms (-3.9%)
tracing 15.143 s [15.143 s, 15.143 s] -393.0 ms (-2.5%)

Base automatically changed from malvarez/appsec-reactor-event-tracker to master September 16, 2024 16:35
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-session-fingerprint branch 2 times, most recently from 13dd133 to d3344e8 Compare September 17, 2024 07:49
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 1f250b2 into master Sep 19, 2024
102 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/waf-session-fingerprint branch September 19, 2024 07:44
@github-actions github-actions bot added this to the 1.40.0 milestone Sep 19, 2024
jordan-wong pushed a commit that referenced this pull request Sep 23, 2024
Add support for http session fingerprints
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
comp: asm waf Application Security Management (WAF) type: enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants