Do not reset IAST concurrent request counter #7963
Merged
Benchmarks
Startup
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 7 unstable metrics.
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
[Gantt chart: insecure-bank - break down per module: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: tracing, appsec, iast, profiling]
[Gantt chart: petclinic - break down per module: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: tracing, appsec, iast, profiling]
Load
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99]: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: baseline, candidate]
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99]: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: baseline, candidate]
Dacapo
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99]: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: baseline, candidate]
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99]: candidate=1.43.0-SNAPSHOT~87c5c789f5, baseline=1.43.0-SNAPSHOT~6181783bd1; sections: baseline, candidate]
manuel-alvarez-alvarez approved these changes Nov 18, 2024
manuel-alvarez-alvarez force-pushed the smola/avoid-iast-context-reset branch from 3765b7d to 87c5c78 (November 19, 2024 09:09)
What Does This Do
Until now, every 30s we did reset some values for IAST overhead control, including the counter for maximum concurrent requests. This change does:
Motivation
We observed an akka-http service with an abnormal number of IAST contexts in the heap:
Additional Notes
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
[ ] Update the public documentation in case of new configuration flag or behavior
Jira ticket: APPSEC-55869
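
Added example, not code from this pull request or from dd-trace-java: a minimal model of a timer that refills a concurrent-request permit counter while earlier requests are still running, next to a timer that leaves the counter alone. The Budget class, its method names and the limit of 2 are assumptions made for the illustration; the page does not show the actual implementation.

```java
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration, not dd-trace-java code: all names here are hypothetical.
public class OverheadBudgetDemo {
  static final int MAX_CONCURRENT = 2; // constructed limit for the demo

  /** Permit counter for requests that may be analysed at the same time. */
  static final class Budget {
    final AtomicInteger available = new AtomicInteger(MAX_CONCURRENT);
    final AtomicInteger inFlight = new AtomicInteger(); // requests still holding a context

    /** Takes a permit only if one is left (CAS loop, never drops below zero). */
    boolean acquire() {
      for (int cur = available.get(); cur > 0; cur = available.get()) {
        if (available.compareAndSet(cur, cur - 1)) {
          inFlight.incrementAndGet();
          return true;
        }
      }
      return false;
    }

    /** Returns a permit; clamped so a late release cannot exceed the limit. */
    void release() {
      inFlight.decrementAndGet();
      available.updateAndGet(v -> Math.min(MAX_CONCURRENT, v + 1));
    }

    /** Periodic reset that also refills the permits, ignoring requests still running. */
    void resetIncludingCounter() { available.set(MAX_CONCURRENT); }
    /** Periodic reset that leaves the concurrency counter alone. */
    void resetOtherValuesOnly() { /* other overhead-control state would be reset here */ }
  }

  /** Starts requests that outlive each timer period; returns the peak number in flight. */
  static int peakInFlight(boolean resetCounter, int periods) {
    Budget b = new Budget();
    int peak = 0;
    for (int p = 0; p < periods; p++) {
      for (int i = 0; i < MAX_CONCURRENT; i++) b.acquire(); // never released in this run
      peak = Math.max(peak, b.inFlight.get());
      if (resetCounter) b.resetIncludingCounter(); else b.resetOtherValuesOnly();
    }
    return peak;
  }

  public static void main(String[] args) {
    System.out.println("reset refills counter: peak in flight = " + peakInFlight(true, 5));
    System.out.println("counter left alone:    peak in flight = " + peakInFlight(false, 5));
  }
}
```

In this model the number of live contexts grows with every timer period when the reset refills the counter, and stays at the configured limit when only release() returns permits.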