Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue with call sites in super calls to constructor #7991

Merged
merged 3 commits into from
Nov 24, 2024

Conversation

manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Nov 21, 2024

What Does This Do

Fixes an issue in IAST with call-sites instrumenting constructor super calls. The Java compiler generates different bytecode when the <init> method is called from a new instruction or via super:

  • new
public class TestStringReaderSuite {
    public static void init(String input) {
        new StringReader(input);
    }
}
NEW java/io/StringReader
DUP
ALOAD 0
INVOKESPECIAL java/io/StringReader.<init> (Ljava/lang/String;)V
  • super
public class TestStringReaderIssue extends StringReader {
    public TestStringReaderIssue(String s) {
        super(s);
    }
}
ALOAD 0
ALOAD 1
INVOKESPECIAL java/io/StringReader.<init> (Ljava/lang/String;)V

This PR ensures that the CallSiteTransformer is able to deal with both cases successfully.

Motivation

One customer reported an issue when enabling IAST:

karta.servlet.ServletException: Handler processing failed: java.lang.VerifyError: Operand stack underflow
Exception Details:
  Location:
    x.y.z.StringReader.<init>(Ljava/lang/String;)V @12: dup_x2
  Reason:
    Attempt to pop empty stack.
  Current Frame:
    bci: @12
    flags: { flagThisUninit }
    locals: { uninitializedThis, 'java/lang/String' }
    stack: { uninitializedThis, '[Ljava/lang/Object;' }
  Bytecode:
    0000000: 2a2b 04bd 001b 5a5f 1000 5f53 5b59 0332
    0000010: c000 1d5f 57b7 0001 b800 232a 2bb5 0007
    0000020: b1

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-55918

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug comp: asm iast Application Security Management (IAST) labels Nov 21, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from 99bb102 to a3e6e6d Compare November 21, 2024 11:50
@pr-commenter
Copy link

pr-commenter bot commented Nov 21, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-fix-callsites-super-ctor
git_commit_date 1732311036 1732482081
git_commit_sha c8030bd 0468adc
release_version 1.43.0-SNAPSHOT~c8030bdceb 1.43.0-SNAPSHOT~0468adced4
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732489584 1732489584
ci_job_id 718257247 718257247
ci_pipeline_id 49816719 49816719
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 16 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.093 s) : 0, 1092790
Total [baseline] (8.664 s) : 0, 8664425
Agent [candidate] (1.089 s) : 0, 1089082
Total [candidate] (8.641 s) : 0, 8640721
section iast
Agent [baseline] (1.225 s) : 0, 1224990
Total [baseline] (9.28 s) : 0, 9280199
Agent [candidate] (1.225 s) : 0, 1225162
Total [candidate] (9.217 s) : 0, 9217404
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.217 s) : 0, 1217102
Total [baseline] (9.184 s) : 0, 9183501
Agent [candidate] (1.226 s) : 0, 1226205
Total [candidate] (9.21 s) : 0, 9209915
section iast_TELEMETRY_OFF
Agent [baseline] (1.215 s) : 0, 1214788
Total [baseline] (9.191 s) : 0, 9191403
Agent [candidate] (1.224 s) : 0, 1223954
Total [candidate] (9.221 s) : 0, 9221379
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.093 s -
Agent iast 1.225 s 132.2 ms (12.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.217 s 124.312 ms (11.4%)
Agent iast_TELEMETRY_OFF 1.215 s 121.998 ms (11.2%)
Total tracing 8.664 s -
Total iast 9.28 s 615.774 ms (7.1%)
Total iast_HARDCODED_SECRET_DISABLED 9.184 s 519.076 ms (6.0%)
Total iast_TELEMETRY_OFF 9.191 s 526.978 ms (6.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.089 s -
Agent iast 1.225 s 136.079 ms (12.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.226 s 137.123 ms (12.6%)
Agent iast_TELEMETRY_OFF 1.224 s 134.872 ms (12.4%)
Total tracing 8.641 s -
Total iast 9.217 s 576.682 ms (6.7%)
Total iast_HARDCODED_SECRET_DISABLED 9.21 s 569.194 ms (6.6%)
Total iast_TELEMETRY_OFF 9.221 s 580.658 ms (6.7%)
gantt
    title insecure-bank - break down per module: candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (692.752 ms) : 0, 692752
BytebuddyAgent [candidate] (692.298 ms) : 0, 692298
GlobalTracer [baseline] (317.268 ms) : 0, 317268
GlobalTracer [candidate] (317.232 ms) : 0, 317232
AppSec [baseline] (54.784 ms) : 0, 54784
AppSec [candidate] (55.256 ms) : 0, 55256
Remote Config [baseline] (687.34 µs) : 0, 687
Remote Config [candidate] (683.385 µs) : 0, 683
Telemetry [baseline] (13.645 ms) : 0, 13645
Telemetry [candidate] (9.937 ms) : 0, 9937
section iast
BytebuddyAgent [baseline] (814.952 ms) : 0, 814952
BytebuddyAgent [candidate] (815.199 ms) : 0, 815199
GlobalTracer [baseline] (308.236 ms) : 0, 308236
GlobalTracer [candidate] (308.792 ms) : 0, 308792
AppSec [baseline] (57.898 ms) : 0, 57898
AppSec [candidate] (58.215 ms) : 0, 58215
IAST [baseline] (21.977 ms) : 0, 21977
IAST [candidate] (21.02 ms) : 0, 21020
Remote Config [baseline] (617.275 µs) : 0, 617
Remote Config [candidate] (638.151 µs) : 0, 638
Telemetry [baseline] (7.544 ms) : 0, 7544
Telemetry [candidate] (7.532 ms) : 0, 7532
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (809.665 ms) : 0, 809665
BytebuddyAgent [candidate] (815.634 ms) : 0, 815634
GlobalTracer [baseline] (307.047 ms) : 0, 307047
GlobalTracer [candidate] (309.2 ms) : 0, 309200
AppSec [baseline] (58.056 ms) : 0, 58056
AppSec [candidate] (57.482 ms) : 0, 57482
IAST [baseline] (20.568 ms) : 0, 20568
IAST [candidate] (21.888 ms) : 0, 21888
Remote Config [baseline] (613.303 µs) : 0, 613
Remote Config [candidate] (641.121 µs) : 0, 641
Telemetry [baseline] (7.469 ms) : 0, 7469
Telemetry [candidate] (7.57 ms) : 0, 7570
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (807.447 ms) : 0, 807447
BytebuddyAgent [candidate] (813.831 ms) : 0, 813831
GlobalTracer [baseline] (306.477 ms) : 0, 306477
GlobalTracer [candidate] (308.546 ms) : 0, 308546
AppSec [baseline] (56.88 ms) : 0, 56880
AppSec [candidate] (56.42 ms) : 0, 56420
IAST [baseline] (21.365 ms) : 0, 21365
IAST [candidate] (23.255 ms) : 0, 23255
Remote Config [baseline] (649.389 µs) : 0, 649
Remote Config [candidate] (644.71 µs) : 0, 645
Telemetry [baseline] (8.289 ms) : 0, 8289
Telemetry [candidate] (7.451 ms) : 0, 7451
Loading
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.084 s) : 0, 1084062
Total [baseline] (10.432 s) : 0, 10432307
Agent [candidate] (1.09 s) : 0, 1090403
Total [candidate] (10.406 s) : 0, 10406445
section appsec
Agent [baseline] (1.223 s) : 0, 1222735
Total [baseline] (10.738 s) : 0, 10738260
Agent [candidate] (1.222 s) : 0, 1222107
Total [candidate] (10.704 s) : 0, 10703946
section iast
Agent [baseline] (1.233 s) : 0, 1232912
Total [baseline] (11.006 s) : 0, 11006315
Agent [candidate] (1.218 s) : 0, 1218407
Total [candidate] (10.929 s) : 0, 10929083
section profiling
Agent [baseline] (1.316 s) : 0, 1315861
Total [baseline] (10.827 s) : 0, 10826807
Agent [candidate] (1.318 s) : 0, 1317812
Total [candidate] (10.758 s) : 0, 10757935
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent appsec 1.223 s 138.672 ms (12.8%)
Agent iast 1.233 s 148.85 ms (13.7%)
Agent profiling 1.316 s 231.799 ms (21.4%)
Total tracing 10.432 s -
Total appsec 10.738 s 305.953 ms (2.9%)
Total iast 11.006 s 574.008 ms (5.5%)
Total profiling 10.827 s 394.5 ms (3.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.09 s -
Agent appsec 1.222 s 131.705 ms (12.1%)
Agent iast 1.218 s 128.005 ms (11.7%)
Agent profiling 1.318 s 227.41 ms (20.9%)
Total tracing 10.406 s -
Total appsec 10.704 s 297.501 ms (2.9%)
Total iast 10.929 s 522.639 ms (5.0%)
Total profiling 10.758 s 351.491 ms (3.4%)
gantt
    title petclinic - break down per module: candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (689.92 ms) : 0, 689920
BytebuddyAgent [candidate] (692.007 ms) : 0, 692007
GlobalTracer [baseline] (316.088 ms) : 0, 316088
GlobalTracer [candidate] (317.28 ms) : 0, 317280
AppSec [baseline] (54.453 ms) : 0, 54453
AppSec [candidate] (54.701 ms) : 0, 54701
Remote Config [baseline] (702.87 µs) : 0, 703
Remote Config [candidate] (684.4 µs) : 0, 684
Telemetry [baseline] (9.207 ms) : 0, 9207
Telemetry [candidate] (12.022 ms) : 0, 12022
section appsec
BytebuddyAgent [baseline] (709.577 ms) : 0, 709577
BytebuddyAgent [candidate] (709.569 ms) : 0, 709569
GlobalTracer [baseline] (313.848 ms) : 0, 313848
GlobalTracer [candidate] (314.124 ms) : 0, 314124
AppSec [baseline] (165.751 ms) : 0, 165751
AppSec [candidate] (164.938 ms) : 0, 164938
IAST [baseline] (21.338 ms) : 0, 21338
IAST [candidate] (21.2 ms) : 0, 21200
Remote Config [baseline] (643.243 µs) : 0, 643
Remote Config [candidate] (647.222 µs) : 0, 647
Telemetry [baseline] (8.559 ms) : 0, 8559
Telemetry [candidate] (8.542 ms) : 0, 8542
section iast
BytebuddyAgent [baseline] (822.07 ms) : 0, 822070
BytebuddyAgent [candidate] (810.416 ms) : 0, 810416
GlobalTracer [baseline] (309.478 ms) : 0, 309478
GlobalTracer [candidate] (307.479 ms) : 0, 307479
AppSec [baseline] (57.719 ms) : 0, 57719
AppSec [candidate] (56.372 ms) : 0, 56372
IAST [baseline] (21.688 ms) : 0, 21688
IAST [candidate] (22.346 ms) : 0, 22346
Remote Config [baseline] (604.398 µs) : 0, 604
Remote Config [candidate] (617.49 µs) : 0, 617
Telemetry [baseline] (7.457 ms) : 0, 7457
Telemetry [candidate] (7.429 ms) : 0, 7429
section profiling
BytebuddyAgent [baseline] (686.222 ms) : 0, 686222
BytebuddyAgent [candidate] (687.338 ms) : 0, 687338
GlobalTracer [baseline] (434.755 ms) : 0, 434755
GlobalTracer [candidate] (436.216 ms) : 0, 436216
AppSec [baseline] (53.753 ms) : 0, 53753
AppSec [candidate] (53.624 ms) : 0, 53624
Remote Config [baseline] (686.348 µs) : 0, 686
Remote Config [candidate] (671.76 µs) : 0, 672
Telemetry [baseline] (7.733 ms) : 0, 7733
Telemetry [candidate] (7.801 ms) : 0, 7801
ProfilingAgent [baseline] (93.55 ms) : 0, 93550
ProfilingAgent [candidate] (93.005 ms) : 0, 93005
Profiling [baseline] (93.573 ms) : 0, 93573
Profiling [candidate] (93.028 ms) : 0, 93028
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-11-24T22:39:51 2024-11-24T22:46:49
git_branch master malvarez/iast-fix-callsites-super-ctor
git_commit_date 1732311036 1732482081
git_commit_sha c8030bd 0468adc
release_version 1.43.0-SNAPSHOT~c8030bdceb 1.43.0-SNAPSHOT~0468adced4
start_time 2024-11-24T22:39:37 2024-11-24T22:46:35
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732488764 1732488764
ci_job_id 718257246 718257246
ci_pipeline_id 49816719 49816719
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb
    dateFormat X
    axisFormat %s
section baseline
no_agent (376.624 µs) : 356, 397
.   : milestone, 377,
iast (489.463 µs) : 468, 511
.   : milestone, 489,
iast_FULL (653.941 µs) : 632, 676
.   : milestone, 654,
iast_GLOBAL (514.304 µs) : 493, 536
.   : milestone, 514,
iast_HARDCODED_SECRET_DISABLED (496.114 µs) : 474, 518
.   : milestone, 496,
iast_INACTIVE (451.659 µs) : 431, 472
.   : milestone, 452,
iast_TELEMETRY_OFF (479.799 µs) : 459, 501
.   : milestone, 480,
tracing (450.435 µs) : 429, 472
.   : milestone, 450,
section candidate
no_agent (384.279 µs) : 365, 404
.   : milestone, 384,
iast (491.783 µs) : 470, 513
.   : milestone, 492,
iast_FULL (649.56 µs) : 628, 671
.   : milestone, 650,
iast_GLOBAL (529.854 µs) : 507, 553
.   : milestone, 530,
iast_HARDCODED_SECRET_DISABLED (495.686 µs) : 474, 517
.   : milestone, 496,
iast_INACTIVE (453.653 µs) : 432, 475
.   : milestone, 454,
iast_TELEMETRY_OFF (477.504 µs) : 456, 499
.   : milestone, 478,
tracing (451.057 µs) : 430, 472
.   : milestone, 451,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 376.624 µs [355.947 µs, 397.301 µs] -
iast 489.463 µs [468.073 µs, 510.853 µs] 112.839 µs (30.0%)
iast_FULL 653.941 µs [632.332 µs, 675.549 µs] 277.317 µs (73.6%)
iast_GLOBAL 514.304 µs [493.057 µs, 535.55 µs] 137.679 µs (36.6%)
iast_HARDCODED_SECRET_DISABLED 496.114 µs [474.151 µs, 518.077 µs] 119.49 µs (31.7%)
iast_INACTIVE 451.659 µs [430.942 µs, 472.377 µs] 75.035 µs (19.9%)
iast_TELEMETRY_OFF 479.799 µs [458.532 µs, 501.067 µs] 103.175 µs (27.4%)
tracing 450.435 µs [429.124 µs, 471.747 µs] 73.811 µs (19.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 384.279 µs [364.611 µs, 403.947 µs] -
iast 491.783 µs [470.439 µs, 513.127 µs] 107.503 µs (28.0%)
iast_FULL 649.56 µs [628.203 µs, 670.917 µs] 265.281 µs (69.0%)
iast_GLOBAL 529.854 µs [507.094 µs, 552.615 µs] 145.575 µs (37.9%)
iast_HARDCODED_SECRET_DISABLED 495.686 µs [474.008 µs, 517.363 µs] 111.406 µs (29.0%)
iast_INACTIVE 453.653 µs [432.208 µs, 475.098 µs] 69.374 µs (18.1%)
iast_TELEMETRY_OFF 477.504 µs [456.236 µs, 498.772 µs] 93.225 µs (24.3%)
tracing 451.057 µs [430.188 µs, 471.925 µs] 66.777 µs (17.4%)
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.353 ms) : 1334, 1373
.   : milestone, 1353,
appsec (1.736 ms) : 1711, 1761
.   : milestone, 1736,
appsec_no_iast (1.766 ms) : 1742, 1791
.   : milestone, 1766,
iast (1.489 ms) : 1466, 1512
.   : milestone, 1489,
profiling (1.539 ms) : 1515, 1563
.   : milestone, 1539,
tracing (1.486 ms) : 1462, 1511
.   : milestone, 1486,
section candidate
no_agent (1.355 ms) : 1336, 1375
.   : milestone, 1355,
appsec (1.755 ms) : 1730, 1780
.   : milestone, 1755,
appsec_no_iast (1.765 ms) : 1741, 1788
.   : milestone, 1765,
iast (1.503 ms) : 1481, 1525
.   : milestone, 1503,
profiling (1.565 ms) : 1540, 1590
.   : milestone, 1565,
tracing (1.489 ms) : 1464, 1514
.   : milestone, 1489,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.353 ms [1.334 ms, 1.373 ms] -
appsec 1.736 ms [1.711 ms, 1.761 ms] 383.099 µs (28.3%)
appsec_no_iast 1.766 ms [1.742 ms, 1.791 ms] 413.094 µs (30.5%)
iast 1.489 ms [1.466 ms, 1.512 ms] 135.543 µs (10.0%)
profiling 1.539 ms [1.515 ms, 1.563 ms] 185.559 µs (13.7%)
tracing 1.486 ms [1.462 ms, 1.511 ms] 133.039 µs (9.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.355 ms [1.336 ms, 1.375 ms] -
appsec 1.755 ms [1.73 ms, 1.78 ms] 399.354 µs (29.5%)
appsec_no_iast 1.765 ms [1.741 ms, 1.788 ms] 409.158 µs (30.2%)
iast 1.503 ms [1.481 ms, 1.525 ms] 147.48 µs (10.9%)
profiling 1.565 ms [1.54 ms, 1.59 ms] 209.349 µs (15.4%)
tracing 1.489 ms [1.464 ms, 1.514 ms] 133.141 µs (9.8%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-fix-callsites-super-ctor
git_commit_date 1732311036 1732482081
git_commit_sha c8030bd 0468adc
release_version 1.43.0-SNAPSHOT~c8030bdceb 1.43.0-SNAPSHOT~0468adced4
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1732489155 1732489155
ci_job_id 718257227 718257227
ci_pipeline_id 49816719 49816719
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1464, 1487
.   : milestone, 1475,
appsec (2.34 ms) : 2299, 2381
.   : milestone, 2340,
iast (2.084 ms) : 2032, 2136
.   : milestone, 2084,
iast_GLOBAL (2.128 ms) : 2076, 2180
.   : milestone, 2128,
profiling (1.955 ms) : 1913, 1996
.   : milestone, 1955,
tracing (1.923 ms) : 1883, 1963
.   : milestone, 1923,
section candidate
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (2.344 ms) : 2303, 2385
.   : milestone, 2344,
iast (2.089 ms) : 2037, 2142
.   : milestone, 2089,
iast_GLOBAL (2.126 ms) : 2074, 2179
.   : milestone, 2126,
profiling (1.973 ms) : 1930, 2016
.   : milestone, 1973,
tracing (1.935 ms) : 1894, 1975
.   : milestone, 1935,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.464 ms, 1.487 ms] -
appsec 2.34 ms [2.299 ms, 2.381 ms] 864.599 µs (58.6%)
iast 2.084 ms [2.032 ms, 2.136 ms] 608.294 µs (41.2%)
iast_GLOBAL 2.128 ms [2.076 ms, 2.18 ms] 652.353 µs (44.2%)
profiling 1.955 ms [1.913 ms, 1.996 ms] 479.171 µs (32.5%)
tracing 1.923 ms [1.883 ms, 1.963 ms] 447.386 µs (30.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.469 ms [1.457 ms, 1.48 ms] -
appsec 2.344 ms [2.303 ms, 2.385 ms] 875.141 µs (59.6%)
iast 2.089 ms [2.037 ms, 2.142 ms] 620.216 µs (42.2%)
iast_GLOBAL 2.126 ms [2.074 ms, 2.179 ms] 657.208 µs (44.7%)
profiling 1.973 ms [1.93 ms, 2.016 ms] 503.922 µs (34.3%)
tracing 1.935 ms [1.894 ms, 1.975 ms] 465.635 µs (31.7%)
Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.031 s) : 15031000, 15031000
.   : milestone, 15031000,
appsec (15.07 s) : 15070000, 15070000
.   : milestone, 15070000,
iast (18.71 s) : 18710000, 18710000
.   : milestone, 18710000,
iast_GLOBAL (17.693 s) : 17693000, 17693000
.   : milestone, 17693000,
profiling (14.704 s) : 14704000, 14704000
.   : milestone, 14704000,
tracing (14.851 s) : 14851000, 14851000
.   : milestone, 14851000,
section candidate
no_agent (14.916 s) : 14916000, 14916000
.   : milestone, 14916000,
appsec (15.165 s) : 15165000, 15165000
.   : milestone, 15165000,
iast (18.856 s) : 18856000, 18856000
.   : milestone, 18856000,
iast_GLOBAL (18.103 s) : 18103000, 18103000
.   : milestone, 18103000,
profiling (14.817 s) : 14817000, 14817000
.   : milestone, 14817000,
tracing (14.839 s) : 14839000, 14839000
.   : milestone, 14839000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.031 s [15.031 s, 15.031 s] -
appsec 15.07 s [15.07 s, 15.07 s] 39.0 ms (0.3%)
iast 18.71 s [18.71 s, 18.71 s] 3.679 s (24.5%)
iast_GLOBAL 17.693 s [17.693 s, 17.693 s] 2.662 s (17.7%)
profiling 14.704 s [14.704 s, 14.704 s] -327.0 ms (-2.2%)
tracing 14.851 s [14.851 s, 14.851 s] -180.0 ms (-1.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.916 s [14.916 s, 14.916 s] -
appsec 15.165 s [15.165 s, 15.165 s] 249.0 ms (1.7%)
iast 18.856 s [18.856 s, 18.856 s] 3.94 s (26.4%)
iast_GLOBAL 18.103 s [18.103 s, 18.103 s] 3.187 s (21.4%)
profiling 14.817 s [14.817 s, 14.817 s] -99.0 ms (-0.7%)
tracing 14.839 s [14.839 s, 14.839 s] -77.0 ms (-0.5%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from a3e6e6d to 1430279 Compare November 21, 2024 15:24
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner November 21, 2024 15:24
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch 2 times, most recently from 47f7387 to 3ca1eed Compare November 21, 2024 15:33
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch 3 times, most recently from 4ce7c30 to a09f99e Compare November 22, 2024 15:20
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from a09f99e to 9ecadb3 Compare November 24, 2024 20:30
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from 9ecadb3 to 0468adc Compare November 24, 2024 21:01
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 4925a50 into master Nov 24, 2024
102 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-fix-callsites-super-ctor branch November 24, 2024 23:13
@github-actions github-actions bot added this to the 1.43.0 milestone Nov 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
comp: asm iast Application Security Management (IAST) type: bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants