Update libsqreen library to 11.0.1 fixing fingerprint generation #7655
Merged
manuel-alvarez-alvarez added the "type: bug" and "comp: asm waf" (Application Security Management (WAF)) labels Sep 20, 2024
manuel-alvarez-alvarez requested review from ValentinZakharov and jandro996 September 20, 2024 10:23
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead, break down per module); candidate=1.40.0-SNAPSHOT~c2cd81254b, baseline=1.40.0-SNAPSHOT~58679718b3]

Load
Summary: Found 0 performance improvements and 1 performance regressions! Performance is the same for 9 metrics, 18 unstable metrics.
[Gantt charts: request duration reports [CI 0.99] for insecure-bank and petclinic; candidate=1.40.0-SNAPSHOT~c2cd81254b, baseline=1.40.0-SNAPSHOT~58679718b3]

Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts: execution time [CI 0.99] for tomcat and biojava; candidate=1.40.0-SNAPSHOT~c2cd81254b, baseline=1.40.0-SNAPSHOT~58679718b3]
smola approved these changes Sep 20, 2024
smola pushed a commit that referenced this pull request Sep 23, 2024 (cherry picked from commit 0eb6f8c)
manuel-alvarez-alvarez added a commit that referenced this pull request Sep 23, 2024
…tion (#7669) * Update libsqreen library to 11.0.1 fixing fingerprint generation (#7655) (cherry picked from commit 0eb6f8c) * Remove session id test from powerwaf module --------- Co-authored-by: Manuel Álvarez Álvarez <[email protected]> Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
jordan-wong pushed a commit that referenced this pull request Sep 23, 2024
What Does This Do
Updates libsqreen library to 11.0.1 that includes a fix handling derivatives from the WAF.
Motivation
Schema derivatives are gzipped and encoded in base64, meanwhile fingerprints should be sent as clear text.
Additional Notes
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-54547
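
The encoding rule stated under Motivation, as an added Java example (not code from dd-trace-java or libsqreen): schema derivatives are gzipped and base64-encoded, while fingerprints pass through unchanged. The class name, the `_dd.appsec.fp.` and `_dd.appsec.s.` key names and the sample values are assumptions constructed for illustration; `readAllBytes` needs Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class DerivativeEncoding {
  // Assumed key prefix for fingerprint derivatives; not taken from the page.
  static final String FINGERPRINT_PREFIX = "_dd.appsec.fp.";

  // Schema derivatives: gzip first, then base64.
  static String gzipBase64(String json) throws IOException {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (GZIPOutputStream gz = new GZIPOutputStream(buf)) {
      gz.write(json.getBytes(StandardCharsets.UTF_8));
    }
    return Base64.getEncoder().encodeToString(buf.toByteArray());
  }

  // Inverse of gzipBase64, as a backend consumer would apply to schema values only.
  static String gunzipBase64(String encoded) throws IOException {
    byte[] raw = Base64.getDecoder().decode(encoded);
    try (GZIPInputStream gz = new GZIPInputStream(new ByteArrayInputStream(raw))) {
      return new String(gz.readAllBytes(), StandardCharsets.UTF_8);
    }
  }

  // Fingerprints are emitted as clear text; every other derivative is treated as a schema.
  static Map<String, String> encode(Map<String, String> derivatives) throws IOException {
    Map<String, String> tags = new LinkedHashMap<>();
    for (Map.Entry<String, String> e : derivatives.entrySet()) {
      boolean fingerprint = e.getKey().startsWith(FINGERPRINT_PREFIX);
      tags.put(e.getKey(), fingerprint ? e.getValue() : gzipBase64(e.getValue()));
    }
    return tags;
  }

  public static void main(String[] args) throws IOException {
    Map<String, String> derivatives = new LinkedHashMap<>(); // constructed sample values
    derivatives.put("_dd.appsec.s.req.body", "[{\"user\":[8]}]");
    derivatives.put("_dd.appsec.fp.http.endpoint", "http-post-constructed-sample");
    Map<String, String> tags = encode(derivatives);
    tags.forEach((k, v) -> System.out.println(k + " = " + v)); // fingerprint prints unchanged
    System.out.println(gunzipBase64(tags.get("_dd.appsec.s.req.body"))); // schema round-trips
  }
}
```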