Expand SSRF support in IAST to java.net.http.HttpClient #7877

Merged
merged 8 commits into from
Nov 6, 2024

@Mariovido Mariovido commented Nov 4, 2024

What Does This Do

Add support for the java-net client library to detect SSRF. This is done by detecting the vulnerability using the HttpClientDecorator.

The new java.net.http.HttpClient methods that will be supported are:

  • send(HttpRequest, HttpResponse.BodyHandler<T>)
  • sendAsync(HttpRequest, HttpResponse.BodyHandler<T>)
  • sendAsync(HttpRequest, HttpResponse.BodyHandler<T>, HttpResponse.PushPromiseHandler<T>)

Motivation

With this change we want to expand the support for SSRF in the different clients supported by the HttpClientDecorator.

Additional Notes

Apart from detecting the vulnerability, a new smoke-test, which uses Java 11, has been created.

Contributor Checklist

Jira ticket: APPSEC-55633

@Mariovido Mariovido added the comp: asm iast Application Security Management (IAST) label Nov 4, 2024
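
Added example, not code from this pull request or from the project: the call shape that makes the three `java.net.http.HttpClient` methods listed above SSRF sinks (a request URI built from caller-supplied input), shown next to a variant that validates the destination first. The class name, the allowlisted host and the sample URLs are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.CompletableFuture;

public class HttpClientSsrfExample {
  // Redirects are not followed, so a permitted host cannot bounce the request elsewhere.
  private static final HttpClient CLIENT =
      HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NEVER).build();

  // Hypothetical allowlist of upstream hosts (constructed for this example).
  private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");

  // Vulnerable shape: 'url' is request input and reaches send() unchecked.
  static String fetchUnsafe(String url) throws Exception {
    HttpRequest req = HttpRequest.newBuilder(URI.create(url)).GET().build();
    return CLIENT.send(req, BodyHandlers.ofString()).body();
  }

  // Same sink through sendAsync(): the URI is still caller-controlled.
  static CompletableFuture<String> fetchUnsafeAsync(String url) {
    HttpRequest req = HttpRequest.newBuilder(URI.create(url)).GET().build();
    return CLIENT.sendAsync(req, BodyHandlers.ofString()).thenApply(HttpResponse::body);
  }

  // Destination check: https only, no userinfo component, exact host match.
  static URI validate(String url) {
    URI uri = URI.create(url).normalize();
    String host = uri.getHost();
    boolean allowed = "https".equalsIgnoreCase(uri.getScheme())
        && host != null
        && uri.getUserInfo() == null
        && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    if (!allowed) {
      throw new IllegalArgumentException("destination not allowed: " + url);
    }
    return uri;
  }

  // Checked variant: only a validated URI reaches the client.
  static String fetchChecked(String url) throws Exception {
    HttpRequest req = HttpRequest.newBuilder(validate(url)).GET().build();
    return CLIENT.send(req, BodyHandlers.ofString()).body();
  }

  public static void main(String[] args) {
    // Constructed sample inputs; validate() makes no network call.
    String[] samples = {
      "https://api.example.com/v1/status",
      "http://localhost:8080/admin",
      "https://api.example.com@internal.example/"
    };
    for (String s : samples) {
      try {
        System.out.println("ACCEPT " + validate(s));
      } catch (IllegalArgumentException e) {
        System.out.println("REJECT " + s);
      }
    }
  }
}
```
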

pr-commenter bot commented Nov 4, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/expand_support_ssrf_java_net
git_commit_date 1730797550 1730799132
git_commit_sha 318e5c8 b92685d
release_version 1.43.0-SNAPSHOT~318e5c8bcf 1.42.0-SNAPSHOT~b92685dc0b
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1730801589 1730801589
ci_job_id 695246671 695246671
ci_pipeline_id 48231110 48231110
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 55 metrics, 8 unstable metrics.

Startup time reports for petclinic
[Chart: petclinic - global startup overhead: candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.09 s -
Agent appsec 1.224 s 134.4 ms (12.3%)
Agent iast 1.223 s 132.712 ms (12.2%)
Agent profiling 1.293 s 203.286 ms (18.7%)
Total tracing 10.416 s -
Total appsec 10.803 s 386.879 ms (3.7%)
Total iast 10.987 s 570.414 ms (5.5%)
Total profiling 10.831 s 415.194 ms (4.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent appsec 1.217 s 133.602 ms (12.3%)
Agent iast 1.21 s 126.888 ms (11.7%)
Agent profiling 1.28 s 196.128 ms (18.1%)
Total tracing 10.486 s -
Total appsec 10.715 s 229.105 ms (2.2%)
Total iast 11.043 s 556.603 ms (5.3%)
Total profiling 10.78 s 293.943 ms (2.8%)
[Chart data: petclinic - break down per module: candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
section tracing
BytebuddyAgent [baseline] (691.005 ms) : 0, 691005
BytebuddyAgent [candidate] (689.058 ms) : 0, 689058
GlobalTracer [baseline] (318.691 ms) : 0, 318691
GlobalTracer [candidate] (316.799 ms) : 0, 316799
AppSec [baseline] (54.84 ms) : 0, 54840
AppSec [candidate] (54.133 ms) : 0, 54133
Remote Config [baseline] (668.719 µs) : 0, 669
Remote Config [candidate] (673.397 µs) : 0, 673
Telemetry [baseline] (10.795 ms) : 0, 10795
Telemetry [candidate] (9.117 ms) : 0, 9117
section appsec
BytebuddyAgent [baseline] (709.863 ms) : 0, 709863
BytebuddyAgent [candidate] (705.134 ms) : 0, 705134
GlobalTracer [baseline] (315.821 ms) : 0, 315821
GlobalTracer [candidate] (313.487 ms) : 0, 313487
AppSec [baseline] (165.881 ms) : 0, 165881
AppSec [candidate] (166.04 ms) : 0, 166040
Remote Config [baseline] (645.72 µs) : 0, 646
Remote Config [candidate] (640.6 µs) : 0, 641
Telemetry [baseline] (8.5 ms) : 0, 8500
Telemetry [candidate] (8.069 ms) : 0, 8069
IAST [baseline] (19.417 ms) : 0, 19417
IAST [candidate] (20.068 ms) : 0, 20068
section iast
BytebuddyAgent [baseline] (811.296 ms) : 0, 811296
BytebuddyAgent [candidate] (804.646 ms) : 0, 804646
GlobalTracer [baseline] (310.097 ms) : 0, 310097
GlobalTracer [candidate] (305.984 ms) : 0, 305984
AppSec [baseline] (55.694 ms) : 0, 55694
AppSec [candidate] (56.792 ms) : 0, 56792
Remote Config [baseline] (626.68 µs) : 0, 627
Remote Config [candidate] (605.777 µs) : 0, 606
Telemetry [baseline] (7.568 ms) : 0, 7568
Telemetry [candidate] (7.439 ms) : 0, 7439
IAST [baseline] (23.39 ms) : 0, 23390
IAST [candidate] (21.126 ms) : 0, 21126
section profiling
ProfilingAgent [baseline] (94.083 ms) : 0, 94083
ProfilingAgent [candidate] (90.6 ms) : 0, 90600
BytebuddyAgent [baseline] (688.262 ms) : 0, 688262
BytebuddyAgent [candidate] (681.584 ms) : 0, 681584
GlobalTracer [baseline] (403.147 ms) : 0, 403147
GlobalTracer [candidate] (399.703 ms) : 0, 399703
AppSec [baseline] (55.125 ms) : 0, 55125
AppSec [candidate] (54.713 ms) : 0, 54713
Remote Config [baseline] (686.846 µs) : 0, 687
Remote Config [candidate] (682.495 µs) : 0, 682
Telemetry [baseline] (12.369 ms) : 0, 12369
Telemetry [candidate] (13.53 ms) : 0, 13530
Profiling [baseline] (94.107 ms) : 0, 94107
Profiling [candidate] (90.623 ms) : 0, 90623
Startup time reports for insecure-bank
[Chart: insecure-bank - global startup overhead: candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.087 s -
Agent iast 1.209 s 122.009 ms (11.2%)
Agent iast_HARDCODED_SECRET_DISABLED 1.215 s 128.069 ms (11.8%)
Agent iast_TELEMETRY_OFF 1.208 s 120.595 ms (11.1%)
Total tracing 8.625 s -
Total iast 9.151 s 526.515 ms (6.1%)
Total iast_HARDCODED_SECRET_DISABLED 9.18 s 555.469 ms (6.4%)
Total iast_TELEMETRY_OFF 9.168 s 542.527 ms (6.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent iast 1.211 s 129.527 ms (12.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.217 s 136.053 ms (12.6%)
Agent iast_TELEMETRY_OFF 1.207 s 126.088 ms (11.7%)
Total tracing 8.604 s -
Total iast 9.19 s 585.442 ms (6.8%)
Total iast_HARDCODED_SECRET_DISABLED 9.184 s 580.04 ms (6.7%)
Total iast_TELEMETRY_OFF 9.148 s 543.932 ms (6.3%)
[Chart data: insecure-bank - break down per module: candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
section tracing
BytebuddyAgent [baseline] (690.991 ms) : 0, 690991
BytebuddyAgent [candidate] (686.984 ms) : 0, 686984
GlobalTracer [baseline] (317.926 ms) : 0, 317926
GlobalTracer [candidate] (316.274 ms) : 0, 316274
AppSec [baseline] (54.462 ms) : 0, 54462
AppSec [candidate] (54.298 ms) : 0, 54298
Remote Config [baseline] (670.441 µs) : 0, 670
Remote Config [candidate] (662.479 µs) : 0, 662
Telemetry [baseline] (9.329 ms) : 0, 9329
Telemetry [candidate] (9.132 ms) : 0, 9132
section iast
BytebuddyAgent [baseline] (803.569 ms) : 0, 803569
BytebuddyAgent [candidate] (804.898 ms) : 0, 804898
GlobalTracer [baseline] (305.733 ms) : 0, 305733
GlobalTracer [candidate] (305.565 ms) : 0, 305565
AppSec [baseline] (56.107 ms) : 0, 56107
AppSec [candidate] (57.648 ms) : 0, 57648
Remote Config [baseline] (617.129 µs) : 0, 617
Remote Config [candidate] (609.502 µs) : 0, 610
Telemetry [baseline] (7.409 ms) : 0, 7409
Telemetry [candidate] (7.496 ms) : 0, 7496
IAST [baseline] (21.979 ms) : 0, 21979
IAST [candidate] (20.59 ms) : 0, 20590
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (805.946 ms) : 0, 805946
BytebuddyAgent [candidate] (809.059 ms) : 0, 809059
GlobalTracer [baseline] (308.431 ms) : 0, 308431
GlobalTracer [candidate] (307.55 ms) : 0, 307550
AppSec [baseline] (57.292 ms) : 0, 57292
AppSec [candidate] (57.092 ms) : 0, 57092
Remote Config [baseline] (625.365 µs) : 0, 625
Remote Config [candidate] (625.132 µs) : 0, 625
Telemetry [baseline] (7.58 ms) : 0, 7580
Telemetry [candidate] (7.463 ms) : 0, 7463
IAST [baseline] (21.582 ms) : 0, 21582
IAST [candidate] (21.496 ms) : 0, 21496
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (801.333 ms) : 0, 801333
BytebuddyAgent [candidate] (801.57 ms) : 0, 801570
GlobalTracer [baseline] (306.772 ms) : 0, 306772
GlobalTracer [candidate] (305.551 ms) : 0, 305551
AppSec [baseline] (57.666 ms) : 0, 57666
AppSec [candidate] (57.846 ms) : 0, 57846
Remote Config [baseline] (616.203 µs) : 0, 616
Remote Config [candidate] (620.896 µs) : 0, 621
Telemetry [baseline] (7.415 ms) : 0, 7415
Telemetry [candidate] (7.442 ms) : 0, 7442
IAST [baseline] (20.222 ms) : 0, 20222
IAST [candidate] (20.361 ms) : 0, 20361

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-11-05T09:43:18 2024-11-05T09:50:14
git_branch master mario.vidal/expand_support_ssrf_java_net
git_commit_date 1730797550 1730799132
git_commit_sha 318e5c8 b92685d
release_version 1.43.0-SNAPSHOT~318e5c8bcf 1.42.0-SNAPSHOT~b92685dc0b
start_time 2024-11-05T09:43:05 2024-11-05T09:50:00
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1730800563 1730800563
ci_job_id 695246672 695246672
ci_pipeline_id 48231110 48231110
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic
[Chart: petclinic - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.363 ms [1.345 ms, 1.381 ms] -
appsec 1.734 ms [1.71 ms, 1.759 ms] 371.193 µs (27.2%)
appsec_no_iast 1.729 ms [1.704 ms, 1.754 ms] 365.701 µs (26.8%)
iast 1.49 ms [1.467 ms, 1.512 ms] 126.556 µs (9.3%)
profiling 1.496 ms [1.471 ms, 1.521 ms] 133.065 µs (9.8%)
tracing 1.481 ms [1.457 ms, 1.506 ms] 118.185 µs (8.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.333 ms [1.313 ms, 1.352 ms] -
appsec 1.716 ms [1.692 ms, 1.739 ms] 383.322 µs (28.8%)
appsec_no_iast 1.723 ms [1.699 ms, 1.746 ms] 390.27 µs (29.3%)
iast 1.482 ms [1.459 ms, 1.504 ms] 149.172 µs (11.2%)
profiling 1.515 ms [1.491 ms, 1.54 ms] 182.827 µs (13.7%)
tracing 1.479 ms [1.455 ms, 1.503 ms] 146.691 µs (11.0%)
Request duration reports for insecure-bank
[Chart: insecure-bank - request duration [CI 0.99] : candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 373.54 µs [353.946 µs, 393.134 µs] -
iast 492.671 µs [471.163 µs, 514.179 µs] 119.131 µs (31.9%)
iast_FULL 648.661 µs [627.131 µs, 670.191 µs] 275.121 µs (73.7%)
iast_GLOBAL 520.965 µs [498.64 µs, 543.289 µs] 147.425 µs (39.5%)
iast_HARDCODED_SECRET_DISABLED 487.687 µs [466.594 µs, 508.78 µs] 114.147 µs (30.6%)
iast_INACTIVE 455.429 µs [434.021 µs, 476.837 µs] 81.889 µs (21.9%)
iast_TELEMETRY_OFF 476.582 µs [455.167 µs, 497.997 µs] 103.042 µs (27.6%)
tracing 448.183 µs [427.401 µs, 468.965 µs] 74.643 µs (20.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 372.764 µs [352.877 µs, 392.651 µs] -
iast 491.304 µs [469.795 µs, 512.813 µs] 118.541 µs (31.8%)
iast_FULL 651.095 µs [629.713 µs, 672.477 µs] 278.332 µs (74.7%)
iast_GLOBAL 518.041 µs [495.843 µs, 540.239 µs] 145.277 µs (39.0%)
iast_HARDCODED_SECRET_DISABLED 492.706 µs [471.412 µs, 514.0 µs] 119.942 µs (32.2%)
iast_INACTIVE 453.182 µs [431.358 µs, 475.007 µs] 80.418 µs (21.6%)
iast_TELEMETRY_OFF 472.591 µs [451.599 µs, 493.583 µs] 99.827 µs (26.8%)
tracing 452.54 µs [431.067 µs, 474.014 µs] 79.777 µs (21.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/expand_support_ssrf_java_net
git_commit_date 1730797550 1730799132
git_commit_sha 318e5c8 b92685d
release_version 1.43.0-SNAPSHOT~318e5c8bcf 1.42.0-SNAPSHOT~b92685dc0b
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1730801083 1730801083
ci_job_id 695246673 695246673
ci_pipeline_id 48231110 48231110
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
[Chart: biojava - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.388 s [15.388 s, 15.388 s] -
appsec 15.021 s [15.021 s, 15.021 s] -367.0 ms (-2.4%)
iast 18.411 s [18.411 s, 18.411 s] 3.023 s (19.6%)
iast_GLOBAL 17.872 s [17.872 s, 17.872 s] 2.484 s (16.1%)
profiling 15.291 s [15.291 s, 15.291 s] -97.0 ms (-0.6%)
tracing 15.146 s [15.146 s, 15.146 s] -242.0 ms (-1.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.075 s [15.075 s, 15.075 s] -
appsec 15.251 s [15.251 s, 15.251 s] 176.0 ms (1.2%)
iast 19.122 s [19.122 s, 19.122 s] 4.047 s (26.8%)
iast_GLOBAL 18.223 s [18.223 s, 18.223 s] 3.148 s (20.9%)
profiling 15.316 s [15.316 s, 15.316 s] 241.0 ms (1.6%)
tracing 15.215 s [15.215 s, 15.215 s] 140.0 ms (0.9%)
Execution time for tomcat
[Chart: tomcat - execution time [CI 0.99] : candidate=1.42.0-SNAPSHOT~b92685dc0b, baseline=1.43.0-SNAPSHOT~318e5c8bcf]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.465 ms [1.454 ms, 1.477 ms] -
appsec 2.326 ms [2.285 ms, 2.367 ms] 860.128 µs (58.7%)
iast 2.073 ms [2.02 ms, 2.125 ms] 607.095 µs (41.4%)
iast_GLOBAL 2.119 ms [2.067 ms, 2.172 ms] 654.002 µs (44.6%)
profiling 1.923 ms [1.882 ms, 1.964 ms] 457.612 µs (31.2%)
tracing 1.91 ms [1.87 ms, 1.949 ms] 444.365 µs (30.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.46 ms [1.449 ms, 1.472 ms] -
appsec 2.323 ms [2.281 ms, 2.364 ms] 862.429 µs (59.1%)
iast 2.08 ms [2.027 ms, 2.132 ms] 619.416 µs (42.4%)
iast_GLOBAL 2.103 ms [2.052 ms, 2.155 ms] 643.178 µs (44.1%)
profiling 1.949 ms [1.907 ms, 1.992 ms] 489.227 µs (33.5%)
tracing 1.914 ms [1.874 ms, 1.955 ms] 454.353 µs (31.1%)

@Mariovido Mariovido marked this pull request as ready for review November 4, 2024 13:36
@Mariovido Mariovido requested review from a team as code owners November 4, 2024 13:36

@jandro996 jandro996 left a comment

LGTM!


github-actions bot commented Nov 5, 2024

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@smola smola changed the title Expand SSRF support in IAST to java-net client Expand SSRF support in IAST to java.net.http.HttpClient Nov 5, 2024
@smola smola added type: enhancement inst: java Core Java language instrumentation labels Nov 5, 2024
@DataDog DataDog deleted a comment from github-actions bot Nov 5, 2024
@DataDog DataDog deleted a comment from github-actions bot Nov 5, 2024
@Mariovido Mariovido merged commit 8233fc5 into master Nov 6, 2024
103 of 106 checks passed
@Mariovido Mariovido deleted the mario.vidal/expand_support_ssrf_java_net branch November 6, 2024 09:56
@github-actions github-actions bot added this to the 1.43.0 milestone Nov 6, 2024
Labels
comp: asm iast Application Security Management (IAST) inst: java Core Java language instrumentation type: enhancement
4 participants