Ensure vulnerabilities are reported with taintable values #7801

Merged


manuel-alvarez-alvarez

What Does This Do

Makes sure that all sink modules are able to deal with datadog.trace.api.iast.Taintable references when reporting a vulnerability.

Motivation

Taintable references were never expected to reach sinks, as they are just propagation utilities to improve performance. We have detected that in some cases they might reach sinks, hiding vulnerabilities.

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug comp: asm iast Application Security Management (IAST) labels Oct 18, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review October 18, 2024 10:27
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner October 18, 2024 10:27
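
The failure mode described in the pull request, as an added example that is not code from this pull request or from dd-trace-java: a sink that resolves taint only through a lookup map misses a value that carries its source on the object itself. Every name here (`TaintableSinkExample`, the simplified `Taintable` interface, `RequestBody`, the two sink methods, the `SSRF` label and the sample values) is a hypothetical, constructed stand-in and not the tracer's API.

```java
import java.util.ArrayList;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;

public class TaintableSinkExample {

  /** Hypothetical stand-in for a value that carries its own taint source. */
  interface Taintable {
    String source();
  }

  /** Constructed wrapper type: tainted at creation, never registered in the taint map. */
  static final class RequestBody implements Taintable {
    final String content;
    final String source;

    RequestBody(String content, String source) {
      this.content = content;
      this.source = source;
    }

    @Override
    public String source() {
      return source;
    }
  }

  /** Taint map for ordinary values, keyed by object identity (assumed design). */
  static final Map<Object, String> TAINTED = new IdentityHashMap<>();
  static final List<String> REPORTS = new ArrayList<>();

  /** Sink check that only consults the map: a Taintable argument is silently skipped. */
  static boolean mapOnlySink(String type, Object value) {
    String source = TAINTED.get(value);
    if (source == null) return false; // false negative when value is a Taintable
    REPORTS.add(type + " from " + source);
    return true;
  }

  /** Sink check that also resolves the source carried by a Taintable reference. */
  static boolean taintableAwareSink(String type, Object value) {
    String source = TAINTED.get(value);
    if (source == null && value instanceof Taintable) {
      source = ((Taintable) value).source();
    }
    if (source == null) return false; // genuinely untainted
    REPORTS.add(type + " from " + source);
    return true;
  }

  public static void main(String[] args) {
    // Constructed sample input: a tainted wrapper object reaches a sink directly.
    Object body = new RequestBody("payload", "http.request.body");
    System.out.println("map-only sink reported: " + mapOnlySink("SSRF", body));
    System.out.println("taintable-aware sink reported: " + taintableAwareSink("SSRF", body));
    System.out.println("reports: " + REPORTS);
  }
}
```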

pr-commenter bot commented Oct 18, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-taintable-vulnerabilities
git_commit_date 1729515503 1729517660
git_commit_sha 5ba267f 6e4a946
release_version 1.42.0-SNAPSHOT~5ba267f941 1.42.0-SNAPSHOT~6e4a946642
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1729520086 1729520086
ci_job_id 678370669 678370669
ci_pipeline_id 47038032 47038032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: tracing, appsec, iast, profiling]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.074 s -
Agent appsec 1.207 s 133.125 ms (12.4%)
Agent iast 1.2 s 125.838 ms (11.7%)
Agent profiling 1.272 s 198.093 ms (18.4%)
Total tracing 10.393 s -
Total appsec 10.567 s 174.383 ms (1.7%)
Total iast 10.819 s 425.878 ms (4.1%)
Total profiling 10.651 s 258.239 ms (2.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent appsec 1.219 s 135.973 ms (12.6%)
Agent iast 1.201 s 118.275 ms (10.9%)
Agent profiling 1.27 s 187.261 ms (17.3%)
Total tracing 10.347 s -
Total appsec 10.589 s 241.963 ms (2.3%)
Total iast 10.815 s 468.01 ms (4.5%)
Total profiling 10.653 s 305.728 ms (3.0%)
[Gantt chart: petclinic - break down per module: candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: tracing, appsec, iast, profiling]
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.078 s -
Agent iast 1.21 s 132.482 ms (12.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.206 s 128.247 ms (11.9%)
Agent iast_TELEMETRY_OFF 1.196 s 117.961 ms (10.9%)
Total tracing 8.567 s -
Total iast 9.146 s 579.194 ms (6.8%)
Total iast_HARDCODED_SECRET_DISABLED 9.093 s 525.513 ms (6.1%)
Total iast_TELEMETRY_OFF 9.064 s 496.335 ms (5.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.076 s -
Agent iast 1.201 s 124.923 ms (11.6%)
Agent iast_HARDCODED_SECRET_DISABLED 1.202 s 125.705 ms (11.7%)
Agent iast_TELEMETRY_OFF 1.198 s 121.682 ms (11.3%)
Total tracing 8.552 s -
Total iast 9.124 s 572.248 ms (6.7%)
Total iast_HARDCODED_SECRET_DISABLED 9.091 s 539.46 ms (6.3%)
Total iast_TELEMETRY_OFF 9.064 s 512.669 ms (6.0%)
[Gantt chart: insecure-bank - break down per module: candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-10-21T13:43:20 2024-10-21T13:50:12
git_branch master malvarez/iast-taintable-vulnerabilities
git_commit_date 1729515503 1729517660
git_commit_sha 5ba267f 6e4a946
release_version 1.42.0-SNAPSHOT~5ba267f941 1.42.0-SNAPSHOT~6e4a946642
start_time 2024-10-21T13:43:07 2024-10-21T13:49:58
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1729518958 1729518958
ci_job_id 678370670 678370670
ci_pipeline_id 47038032 47038032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: baseline, candidate]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 368.616 µs [348.432 µs, 388.8 µs] -
iast 484.639 µs [463.187 µs, 506.092 µs] 116.023 µs (31.5%)
iast_FULL 555.322 µs [533.756 µs, 576.888 µs] 186.706 µs (50.7%)
iast_GLOBAL 501.445 µs [480.291 µs, 522.599 µs] 132.828 µs (36.0%)
iast_HARDCODED_SECRET_DISABLED 491.238 µs [469.743 µs, 512.733 µs] 122.622 µs (33.3%)
iast_INACTIVE 450.487 µs [428.962 µs, 472.012 µs] 81.87 µs (22.2%)
iast_TELEMETRY_OFF 471.969 µs [450.611 µs, 493.327 µs] 103.353 µs (28.0%)
tracing 448.067 µs [426.99 µs, 469.144 µs] 79.451 µs (21.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 376.587 µs [356.85 µs, 396.324 µs] -
iast 490.422 µs [469.081 µs, 511.763 µs] 113.835 µs (30.2%)
iast_FULL 558.242 µs [536.934 µs, 579.55 µs] 181.655 µs (48.2%)
iast_GLOBAL 507.476 µs [486.61 µs, 528.342 µs] 130.889 µs (34.8%)
iast_HARDCODED_SECRET_DISABLED 485.553 µs [464.227 µs, 506.878 µs] 108.966 µs (28.9%)
iast_INACTIVE 443.542 µs [423.06 µs, 464.024 µs] 66.955 µs (17.8%)
iast_TELEMETRY_OFF 475.97 µs [454.739 µs, 497.201 µs] 99.383 µs (26.4%)
tracing 438.868 µs [418.261 µs, 459.475 µs] 62.281 µs (16.5%)
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: baseline, candidate]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.341 ms [1.322 ms, 1.36 ms] -
appsec 1.72 ms [1.696 ms, 1.743 ms] 378.723 µs (28.2%)
appsec_no_iast 1.723 ms [1.698 ms, 1.749 ms] 382.205 µs (28.5%)
iast 1.469 ms [1.447 ms, 1.492 ms] 128.39 µs (9.6%)
profiling 1.48 ms [1.457 ms, 1.503 ms] 138.847 µs (10.4%)
tracing 1.475 ms [1.451 ms, 1.499 ms] 133.798 µs (10.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.318 ms [1.299 ms, 1.338 ms] -
appsec 1.724 ms [1.7 ms, 1.749 ms] 405.796 µs (30.8%)
appsec_no_iast 1.707 ms [1.682 ms, 1.732 ms] 388.826 µs (29.5%)
iast 1.477 ms [1.454 ms, 1.5 ms] 158.564 µs (12.0%)
profiling 1.473 ms [1.45 ms, 1.495 ms] 154.291 µs (11.7%)
tracing 1.461 ms [1.437 ms, 1.486 ms] 143.002 µs (10.8%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-taintable-vulnerabilities
git_commit_date 1729515503 1729517660
git_commit_sha 5ba267f 6e4a946
release_version 1.42.0-SNAPSHOT~5ba267f941 1.42.0-SNAPSHOT~6e4a946642
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1729519599 1729519599
ci_job_id 678370671 678370671
ci_pipeline_id 47038032 47038032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: baseline, candidate]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.064 s [15.064 s, 15.064 s] -
appsec 15.06 s [15.06 s, 15.06 s] -4.0 ms (-0.0%)
iast 18.994 s [18.994 s, 18.994 s] 3.93 s (26.1%)
iast_GLOBAL 17.896 s [17.896 s, 17.896 s] 2.832 s (18.8%)
profiling 15.024 s [15.024 s, 15.024 s] -40.0 ms (-0.3%)
tracing 15.299 s [15.299 s, 15.299 s] 235.0 ms (1.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.023 s [15.023 s, 15.023 s] -
appsec 15.365 s [15.365 s, 15.365 s] 342.0 ms (2.3%)
iast 18.721 s [18.721 s, 18.721 s] 3.698 s (24.6%)
iast_GLOBAL 18.052 s [18.052 s, 18.052 s] 3.029 s (20.2%)
profiling 15.749 s [15.749 s, 15.749 s] 726.0 ms (4.8%)
tracing 15.053 s [15.053 s, 15.053 s] 30.0 ms (0.2%)
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~6e4a946642, baseline=1.42.0-SNAPSHOT~5ba267f941; sections: baseline, candidate]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.458 ms [1.447 ms, 1.469 ms] -
appsec 2.31 ms [2.27 ms, 2.351 ms] 852.238 µs (58.5%)
iast 2.058 ms [2.007 ms, 2.109 ms] 600.226 µs (41.2%)
iast_GLOBAL 2.105 ms [2.053 ms, 2.157 ms] 647.527 µs (44.4%)
profiling 1.917 ms [1.877 ms, 1.958 ms] 459.44 µs (31.5%)
tracing 1.905 ms [1.866 ms, 1.944 ms] 447.012 µs (30.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.455 ms [1.444 ms, 1.466 ms] -
appsec 2.307 ms [2.266 ms, 2.347 ms] 851.842 µs (58.5%)
iast 2.057 ms [2.007 ms, 2.108 ms] 602.502 µs (41.4%)
iast_GLOBAL 2.11 ms [2.057 ms, 2.162 ms] 654.732 µs (45.0%)
profiling 1.924 ms [1.883 ms, 1.966 ms] 469.43 µs (32.3%)
tracing 1.91 ms [1.87 ms, 1.95 ms] 455.066 µs (31.3%)


@Mariovido Mariovido left a comment

LGTM

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-taintable-vulnerabilities branch from 64d26f7 to 194b3cf Compare October 21, 2024 08:50
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-taintable-vulnerabilities branch from 194b3cf to 6e4a946 Compare October 21, 2024 13:34
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 3fd69de into master Oct 21, 2024
100 of 102 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-taintable-vulnerabilities branch October 21, 2024 15:09
@github-actions github-actions bot added this to the 1.42.0 milestone Oct 21, 2024