Exclude okio from vulnerability locations #7937
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.
[Gantt charts: startup time reports for petclinic and insecure-bank (global startup overhead and break down per module), candidate=1.43.0-SNAPSHOT~04ac849498, baseline=1.43.0-SNAPSHOT~cb6a6fcd72]

Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
[Gantt charts: request duration reports [CI 0.99] for petclinic and insecure-bank, candidate=1.43.0-SNAPSHOT~04ac849498, baseline=1.43.0-SNAPSHOT~cb6a6fcd72]

Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts: execution time [CI 0.99] for biojava and tomcat, candidate=1.43.0-SNAPSHOT~04ac849498, baseline=1.43.0-SNAPSHOT~cb6a6fcd72]
What Does This Do
Exclude okio.* from vulnerability locations

Motivation
Avoid okio.* as vulnerability location (e.g. weak hash being reported at okio itself when using okio.ByteString#digest). The vulnerabilities will still be reported, but with the caller code as location.

Additional Notes

Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
[ ] Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-55765
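
The effect described under Motivation, as an added illustration that is not code from this pull request or from the project: a finding's location is taken from the first stack frame outside a list of excluded package prefixes, so adding okio. moves the reported location from okio.ByteString#digest to the calling application code. The class name VulnerabilityLocationDemo, the helper methods, both prefix lists and the stack frames (including com.example.app.TokenService and all file names and line numbers) are assumptions constructed for the example.

```java
import java.util.List;

public class VulnerabilityLocationDemo {

    // Returns true when the frame's class belongs to an excluded package prefix.
    static boolean isExcluded(String className, List<String> excludedPrefixes) {
        for (String prefix : excludedPrefixes) {
            if (className.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    // Walks the stack from the innermost frame outwards and returns the first
    // frame outside the excluded packages. Falls back to the innermost frame so
    // a finding is never dropped just because every frame was excluded.
    static StackTraceElement locate(StackTraceElement[] stack, List<String> excludedPrefixes) {
        for (StackTraceElement frame : stack) {
            if (!isExcluded(frame.getClassName(), excludedPrefixes)) {
                return frame;
            }
        }
        return stack.length > 0 ? stack[0] : null;
    }

    public static void main(String[] args) {
        // Constructed stack (innermost first) for a weak-hash call made through okio.
        StackTraceElement[] stack = {
            new StackTraceElement("java.security.MessageDigest", "getInstance", "MessageDigest.java", 100),
            new StackTraceElement("okio.ByteString", "digest", "ByteString.kt", 200),
            new StackTraceElement("com.example.app.TokenService", "fingerprint", "TokenService.java", 42),
        };

        // Hypothetical prefix lists; the agent keeps its own exclusion list.
        List<String> before = List.of("java.", "javax.");
        List<String> after = List.of("java.", "javax.", "okio.");

        // The finding is reported in both cases; only its location changes.
        System.out.println("without okio excluded: " + locate(stack, before));
        System.out.println("with okio excluded:    " + locate(stack, after));
    }
}
```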