Limit the visiting of objects for Trust Boundary Violation #7847

Merged
merged 2 commits into from
Oct 31, 2024


manuel-alvarez-alvarez
Member

What Does This Do

Limits the types that can be visited by IAST in the context of Trust Boundary Violation to just JDK types.

Motivation

Since any arbitrary object can be added to the session, we have to be extra careful in order not to trigger unwanted state modifications (e.g. loading of lazy objects coming from ORMs).

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

manuel-alvarez-alvarez added the comp: asm iast Application Security Management (IAST) label Oct 29, 2024
manuel-alvarez-alvarez requested a review from a team as a code owner October 29, 2024 12:07
manuel-alvarez-alvarez force-pushed the malvarez/iast-limit-tbv-visitor branch 2 times, most recently from 824f49e to d394f9f Compare October 29, 2024 12:12
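
The restriction described in the pull request, sketched as an added example (not code from this pull request or the project): a visitor that descends only through JDK containers, so an application-defined lazy collection stored in the session is never iterated. `LazyOrders`, `isJdkType`, `visit` and the `java.` package-prefix test are assumptions made for the illustration.

```java
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class JdkOnlySessionVisitor {

  // Constructed stand-in for an ORM lazy collection: touching it "hits the database".
  static final class LazyOrders extends AbstractList<String> {
    static int loads = 0;
    @Override public String get(int i) { loads++; return "order-" + i; }
    @Override public int size() { loads++; return 2; }
  }

  // Assumption of this sketch: a "JDK type" is a class declared in a java.* package.
  static boolean isJdkType(Object value) {
    return value.getClass().getName().startsWith("java.");
  }

  // Collects strings reachable from a session attribute, descending only through JDK containers.
  static void visit(Object value, int depth, List<String> found) {
    if (value == null || depth > 5 || !isJdkType(value)) {
      return; // non-JDK objects are never iterated, stringified or reflected on
    }
    if (value instanceof CharSequence) {
      found.add(value.toString());
    } else if (value instanceof Map) {
      for (Map.Entry<?, ?> e : ((Map<?, ?>) value).entrySet()) {
        visit(e.getKey(), depth + 1, found);
        visit(e.getValue(), depth + 1, found);
      }
    } else if (value instanceof Collection) {
      for (Object item : (Collection<?>) value) {
        visit(item, depth + 1, found);
      }
    }
  }

  public static void main(String[] args) {
    Map<String, Object> profile = new HashMap<>();
    profile.put("name", "tainted-user-input");
    profile.put("orders", new LazyOrders()); // application type nested in a JDK map

    // Constructed session attributes: a JDK map, a bare lazy collection, a plain string.
    List<Object> attributes =
        new ArrayList<>(Arrays.asList(profile, new LazyOrders(), "plain-string"));
    List<String> found = new ArrayList<>();
    for (Object attr : attributes) {
      visit(attr, 0, found);
    }
    System.out.println("strings seen: " + found);
    System.out.println("lazy loads triggered: " + LazyOrders.loads);
  }
}
```

The type check runs before any `instanceof Collection` test, which is what keeps `LazyOrders` (a `List` by inheritance) from being iterated; the depth cap also bounds traversal of self-referencing JDK containers.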

pr-commenter bot commented Oct 29, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-limit-tbv-visitor
git_commit_date 1730315410 1730375203
git_commit_sha 104a441 b3d6675
release_version 1.42.0-SNAPSHOT~104a441d0a 1.42.0-SNAPSHOT~b3d6675e1f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1730377711 1730377711
ci_job_id 691320234 691320234
ci_pipeline_id 47943793 47943793
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 10 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:iast:Remote Config better [-67.294µs; -13.727µs] or [-10.637%; -2.170%] 592.109µs 632.619µs
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF.]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.076 s -
Agent iast 1.204 s 127.62 ms (11.9%)
Agent iast_HARDCODED_SECRET_DISABLED 1.213 s 136.693 ms (12.7%)
Agent iast_TELEMETRY_OFF 1.21 s 133.466 ms (12.4%)
Total tracing 8.547 s -
Total iast 9.131 s 583.944 ms (6.8%)
Total iast_HARDCODED_SECRET_DISABLED 9.08 s 533.003 ms (6.2%)
Total iast_TELEMETRY_OFF 9.125 s 577.452 ms (6.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.08 s -
Agent iast 1.203 s 123.133 ms (11.4%)
Agent iast_HARDCODED_SECRET_DISABLED 1.228 s 147.984 ms (13.7%)
Agent iast_TELEMETRY_OFF 1.204 s 124.311 ms (11.5%)
Total tracing 8.54 s -
Total iast 9.08 s 540.228 ms (6.3%)
Total iast_HARDCODED_SECRET_DISABLED 9.084 s 544.141 ms (6.4%)
Total iast_TELEMETRY_OFF 9.128 s 588.357 ms (6.9%)
[Gantt chart: insecure-bank - break down per module: candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF. Series: BytebuddyAgent, GlobalTracer, AppSec, Remote Config, Telemetry, IAST.]
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: tracing, appsec, iast, profiling.]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.076 s -
Agent appsec 1.211 s 134.249 ms (12.5%)
Agent iast 1.229 s 152.352 ms (14.2%)
Agent profiling 1.285 s 208.282 ms (19.4%)
Total tracing 10.511 s -
Total appsec 10.611 s 100.512 ms (1.0%)
Total iast 11.012 s 500.857 ms (4.8%)
Total profiling 10.808 s 296.863 ms (2.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent appsec 1.215 s 133.926 ms (12.4%)
Agent iast 1.204 s 123.01 ms (11.4%)
Agent profiling 1.272 s 190.458 ms (17.6%)
Total tracing 10.422 s -
Total appsec 10.707 s 284.607 ms (2.7%)
Total iast 10.882 s 460.024 ms (4.4%)
Total profiling 10.629 s 206.971 ms (2.0%)
[Gantt chart: petclinic - break down per module: candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: tracing, appsec, iast, profiling. Series: BytebuddyAgent, GlobalTracer, AppSec, Remote Config, Telemetry, IAST, ProfilingAgent, Profiling.]

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-10-31T11:56:56 2024-10-31T12:06:05
git_branch master malvarez/iast-limit-tbv-visitor
git_commit_date 1730315410 1730375203
git_commit_sha 104a441 b3d6675
release_version 1.42.0-SNAPSHOT~104a441d0a 1.42.0-SNAPSHOT~b3d6675e1f
start_time 2024-10-31T11:56:40 2024-10-31T12:05:48
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1730376829 1730376829
ci_job_id 691320235 691320235
ci_pipeline_id 47943793 47943793
cpu_model Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 7 metrics, 21 unstable metrics.

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: baseline, candidate.]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 454.495 µs [425.69 µs, 483.3 µs] -
iast 580.933 µs [549.077 µs, 612.79 µs] 126.439 µs (27.8%)
iast_FULL 835.454 µs [802.56 µs, 868.349 µs] 380.959 µs (83.8%)
iast_GLOBAL 618.825 µs [587.315 µs, 650.336 µs] 164.33 µs (36.2%)
iast_HARDCODED_SECRET_DISABLED 590.598 µs [558.48 µs, 622.716 µs] 136.103 µs (29.9%)
iast_INACTIVE 542.273 µs [511.05 µs, 573.495 µs] 87.778 µs (19.3%)
iast_TELEMETRY_OFF 580.386 µs [548.128 µs, 612.644 µs] 125.891 µs (27.7%)
tracing 538.34 µs [508.668 µs, 568.012 µs] 83.845 µs (18.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 453.237 µs [424.652 µs, 481.823 µs] -
iast 591.982 µs [558.603 µs, 625.36 µs] 138.744 µs (30.6%)
iast_FULL 838.267 µs [805.37 µs, 871.163 µs] 385.029 µs (85.0%)
iast_GLOBAL 615.364 µs [582.171 µs, 648.557 µs] 162.126 µs (35.8%)
iast_HARDCODED_SECRET_DISABLED 584.413 µs [552.796 µs, 616.03 µs] 131.176 µs (28.9%)
iast_INACTIVE 544.98 µs [514.349 µs, 575.612 µs] 91.743 µs (20.2%)
iast_TELEMETRY_OFF 578.24 µs [545.337 µs, 611.143 µs] 125.002 µs (27.6%)
tracing 542.682 µs [511.132 µs, 574.233 µs] 89.445 µs (19.7%)
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: baseline, candidate.]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.734 ms [1.708 ms, 1.759 ms] -
appsec 2.15 ms [2.118 ms, 2.182 ms] 416.131 µs (24.0%)
appsec_no_iast 2.189 ms [2.157 ms, 2.221 ms] 455.226 µs (26.3%)
iast 1.893 ms [1.863 ms, 1.923 ms] 159.535 µs (9.2%)
profiling 1.916 ms [1.882 ms, 1.949 ms] 181.749 µs (10.5%)
tracing 1.859 ms [1.827 ms, 1.891 ms] 125.395 µs (7.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.714 ms [1.688 ms, 1.74 ms] -
appsec 2.202 ms [2.17 ms, 2.234 ms] 488.061 µs (28.5%)
appsec_no_iast 2.185 ms [2.154 ms, 2.216 ms] 471.148 µs (27.5%)
iast 1.881 ms [1.851 ms, 1.91 ms] 166.634 µs (9.7%)
profiling 1.934 ms [1.9 ms, 1.968 ms] 220.351 µs (12.9%)
tracing 1.88 ms [1.848 ms, 1.911 ms] 165.82 µs (9.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-limit-tbv-visitor
git_commit_date 1730315410 1730375203
git_commit_sha 104a441 b3d6675
release_version 1.42.0-SNAPSHOT~104a441d0a 1.42.0-SNAPSHOT~b3d6675e1f
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1730377886 1730377886
ci_job_id 691320236 691320236
ci_pipeline_id 47943793 47943793
cpu_model Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: baseline, candidate.]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 20.649 s [20.649 s, 20.649 s] -
appsec 21.528 s [21.528 s, 21.528 s] 879.0 ms (4.3%)
iast 24.021 s [24.021 s, 24.021 s] 3.372 s (16.3%)
iast_GLOBAL 25.513 s [25.513 s, 25.513 s] 4.864 s (23.6%)
profiling 20.668 s [20.668 s, 20.668 s] 19.0 ms (0.1%)
tracing 20.949 s [20.949 s, 20.949 s] 300.0 ms (1.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 20.46 s [20.46 s, 20.46 s] -
appsec 20.777 s [20.777 s, 20.777 s] 317.0 ms (1.5%)
iast 24.788 s [24.788 s, 24.788 s] 4.328 s (21.2%)
iast_GLOBAL 25.468 s [25.468 s, 25.468 s] 5.008 s (24.5%)
profiling 21.84 s [21.84 s, 21.84 s] 1.38 s (6.7%)
tracing 20.94 s [20.94 s, 20.94 s] 480.0 ms (2.3%)
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~b3d6675e1f, baseline=1.42.0-SNAPSHOT~104a441d0a. Sections: baseline, candidate.]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.55 ms [1.537 ms, 1.563 ms] -
appsec 2.865 ms [2.794 ms, 2.936 ms] 1.315 ms (84.8%)
iast 2.516 ms [2.427 ms, 2.605 ms] 966.069 µs (62.3%)
iast_GLOBAL 2.584 ms [2.493 ms, 2.675 ms] 1.034 ms (66.7%)
profiling 2.332 ms [2.256 ms, 2.407 ms] 781.476 µs (50.4%)
tracing 2.315 ms [2.244 ms, 2.387 ms] 765.19 µs (49.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.545 ms [1.532 ms, 1.558 ms] -
appsec 2.894 ms [2.822 ms, 2.967 ms] 1.349 ms (87.3%)
iast 2.523 ms [2.433 ms, 2.612 ms] 977.391 µs (63.3%)
iast_GLOBAL 2.577 ms [2.487 ms, 2.667 ms] 1.032 ms (66.8%)
profiling 2.351 ms [2.275 ms, 2.427 ms] 805.654 µs (52.1%)
tracing 2.311 ms [2.239 ms, 2.382 ms] 765.519 µs (49.5%)

smola changed the title from "Limit the visiting of objects for TBV" to "Limit the visiting of objects for Trust Boundary Violation" Oct 31, 2024
Member

jandro996 left a comment

Nice!

manuel-alvarez-alvarez merged commit 136e6f4 into master Oct 31, 2024
99 of 100 checks passed
manuel-alvarez-alvarez deleted the malvarez/iast-limit-tbv-visitor branch October 31, 2024 13:39
github-actions bot added this to the 1.42.0 milestone Oct 31, 2024