Prevent publishing the same usr.id to the WAF twice #7699
Merged: manuel-alvarez-alvarez merged 1 commit into master from malvarez/waf-do-not-publish-dup-user-ids on Oct 2, 2024
manuel-alvarez-alvarez added the "tag: performance" (Performance related changes) and "comp: asm waf" (Application Security Management (WAF)) labels on Oct 1, 2024
manuel-alvarez-alvarez force-pushed the malvarez/waf-do-not-publish-dup-user-ids branch 2 times, most recently from ebe35c3 to 42af107 (October 1, 2024 12:28)
smola approved these changes on Oct 1, 2024
Benchmarks (candidate=1.41.0-SNAPSHOT~c9bb1bacc4, baseline=1.41.0-SNAPSHOT~0a80d676b0)

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics.
[Gantt charts: startup time reports for petclinic and insecure-bank, global startup overhead and break down per module]

Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
[Gantt charts: request duration reports for petclinic and insecure-bank, request duration [CI 0.99]]

Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts: execution time for tomcat and biojava, execution time [CI 0.99]]
jandro996 approved these changes on Oct 1, 2024
ValentinZakharov approved these changes on Oct 1, 2024
manuel-alvarez-alvarez force-pushed the malvarez/waf-noise-with-usr-id branch from 9bd156d to f27309e (October 2, 2024 07:28)
manuel-alvarez-alvarez force-pushed the malvarez/waf-do-not-publish-dup-user-ids branch from 42af107 to c9bb1ba (October 2, 2024 08:11)
Mariovido approved these changes on Oct 2, 2024
manuel-alvarez-alvarez deleted the malvarez/waf-do-not-publish-dup-user-ids branch on October 2, 2024 10:04
What Does This Do
Avoid publishing the same usr.id to the WAF more than once in a request.

Motivation
Calls to the WAF are expensive due to the switch between Java and native code; this PR should reduce the number of jumps.