Exclude spark web from vulnerability locations #7939
Merged
Conversation
smola added the type: enhancement and comp: asm iast (Application Security Management (IAST)) labels on Nov 12, 2024
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 7 unstable metrics.
Startup time reports for insecure-bank: gantt charts "insecure-bank - global startup overhead" (Agent and Total time per section: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF) and "insecure-bank - break down per module" (BytebuddyAgent, GlobalTracer, AppSec, Remote Config, Telemetry, IAST), candidate=1.43.0-SNAPSHOT~40efae556f, baseline=1.43.0-SNAPSHOT~0ab886489d (per-configuration timings are in the charts).
Startup time reports for petclinic: gantt charts "petclinic - global startup overhead" (Agent and Total time per section: tracing, appsec, iast, profiling) and "petclinic - break down per module" (BytebuddyAgent, GlobalTracer, AppSec, Remote Config, Telemetry, IAST, ProfilingAgent, Profiling), same candidate and baseline (per-configuration timings are in the charts).
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
Request duration reports for insecure-bank: gantt chart "insecure-bank - request duration [CI 0.99]" with baseline and candidate sections (no_agent, iast, iast_FULL, iast_GLOBAL, iast_HARDCODED_SECRET_DISABLED, iast_INACTIVE, iast_TELEMETRY_OFF, tracing), candidate=1.43.0-SNAPSHOT~40efae556f, baseline=1.43.0-SNAPSHOT~0ab886489d (per-configuration timings are in the chart).
Request duration reports for petclinic: gantt chart "petclinic - request duration [CI 0.99]" with baseline and candidate sections (no_agent, appsec, appsec_no_iast, iast, profiling, tracing), same candidate and baseline (per-configuration timings are in the chart).
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
Execution time for tomcat: gantt chart "tomcat - execution time [CI 0.99]" with baseline and candidate sections (no_agent, appsec, iast, iast_GLOBAL, profiling, tracing), candidate=1.43.0-SNAPSHOT~40efae556f, baseline=1.43.0-SNAPSHOT~0ab886489d (per-configuration timings are in the chart).
Execution time for biojava: gantt chart "biojava - execution time [CI 0.99]" with the same baseline and candidate sections, same candidate and baseline (per-configuration timings are in the chart).
Mariovido approved these changes on Nov 13, 2024
jandro996 approved these changes on Nov 13, 2024
What Does This Do
Exclude `spark.*` from vulnerability locations.

Motivation
Avoid vulnerabilities such as header injection being reported with `spark.Response` as its location. The vulnerabilities will still be reported, but with the caller code as location.

Additional Notes

Contributor Checklist
- `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue
- [ ] Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-55756
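The location rule the PR describes, as an added illustration that is not code from this PR or from dd-trace-java: the IAST detector has the stack trace at the moment a sink such as `spark.Response.header` is reached, and the reported location is the innermost frame whose class does not live in an excluded package. The exclusion list, the class and method names in the constructed stack, and the `java.` prefix are assumptions made for this example; only `spark.` and `spark.Response` come from the PR.

```java
import java.util.List;

/**
 * Added example, not code from dd-trace-java or from this PR: resolve the
 * "location" of an IAST vulnerability by walking a stack trace (innermost
 * frame first) and skipping frames whose declaring class lives in an excluded
 * package, so the reported location is the application code that called the
 * framework rather than a framework class such as spark.Response.
 */
public class VulnerabilityLocationExample {

    /**
     * Package prefixes that are never reported as a location. Hypothetical list:
     * "spark." mirrors the exclusion this PR adds; "java." is an added
     * assumption so that JDK frames are skipped as well.
     */
    static final List<String> EXCLUDED_PREFIXES = List.of("spark.", "java.");

    /** True when the frame's declaring class starts with an excluded prefix. */
    static boolean isExcluded(StackTraceElement frame) {
        String className = frame.getClassName();
        for (String prefix : EXCLUDED_PREFIXES) {
            if (className.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the innermost frame that is not excluded, or null when every frame
     * is excluded. Returning null rather than the first frame keeps the detector
     * from naming a framework class as the location when no application frame
     * is on the stack; the vulnerability itself is still reported.
     */
    static StackTraceElement locationOf(StackTraceElement[] stack) {
        for (StackTraceElement frame : stack) {
            if (!isExcluded(frame)) {
                return frame;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed stack trace (innermost frame first) imitating a header
        // injection detected inside spark.Response: the sink is a framework
        // frame and the application caller is one frame up. Class names other
        // than spark.Response, method names and line numbers are made up.
        StackTraceElement[] stack = {
            new StackTraceElement("spark.Response", "header", "Response.java", 120),
            new StackTraceElement("com.example.bank.AccountController", "redirect", "AccountController.java", 57),
            new StackTraceElement("spark.RouteImpl$1", "handle", "RouteImpl.java", 72),
            new StackTraceElement("java.lang.Thread", "run", "Thread.java", 833),
        };

        // Before the exclusion the location is the sink frame itself; with it,
        // the application controller is reported instead.
        System.out.println("location without exclusion: " + stack[0]);
        System.out.println("location with exclusion:    " + locationOf(stack));
    }
}
```

Prefix matching on the declaring class is deliberately simple: it treats every class under `spark.` as framework code, including anonymous and inner classes such as the `spark.RouteImpl$1` frame above, which is what makes the caller rather than the route adapter surface as the location.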