Updated ASM rules to 1.13.1 #7831
Merged
Benchmarks

Startup

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 55 metrics, 8 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF.]
[Gantt chart: insecure-bank - break down per module: candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF.]

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: tracing, appsec, iast, profiling.]
[Gantt chart: petclinic - break down per module: candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: tracing, appsec, iast, profiling.]
Load

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: baseline, candidate.]

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: baseline, candidate.]
Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: baseline, candidate.]

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~bd5473e250, baseline=1.42.0-SNAPSHOT~7010cb865c. Sections: baseline, candidate.]
ValentinZakharov force-pushed the vzakharov/asm_rules_v1.13.1 branch from 2434bc8 to bd5473e (October 25, 2024 16:16)
smola approved these changes (Oct 28, 2024)
What Does This Do
Updated ASM rules to version 1.13.1
Motivation
Enable Exploit Prevention rules (LFI, SQLi and Command injection)
Additional Notes
Contributor Checklist
- type: and (comp: or inst:) labels in addition to any useful labels
- close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-55349