Address cookie vulnerability cardinality issues #8210
Compare: 61b9d84 to 7fcd910
Benchmarks (candidate=1.46.0-SNAPSHOT~af7b5fa5f3, baseline=1.46.0-SNAPSHOT~6ece325a84)
Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 4 unstable metrics. (Startup time reports and per-module breakdowns for petclinic and insecure-bank: chart data omitted.)
Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. (Request duration reports [CI 0.99] for insecure-bank and petclinic: chart data omitted.)
Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. (Execution time reports [CI 0.99] for biojava and tomcat: chart data omitted.)
Looks good to me. To be approved in the next IAST sync or with the IAST working group before merge.
What Does This Do
Change the evidence-based hash calculation to a location-based one.
Motivation
Using evidence for the cookie vulnerabilities hash is not the most effective approach. In some applications, a different cookie name is used per request or session. This leads to a large number of duplicate vulnerabilities. Deduplicating by location leads to a predictably low and bounded number of vulnerabilities.
Additional Notes
Contributor Checklist
- Add `type:` and (`comp:` or `inst:`) labels in addition to any useful labels.
- Do not use `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue.
Jira ticket: APPSEC-56366
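The cardinality problem described in the Motivation, as an added Java illustration that is not the PR's own code: a constructed set of cookie findings is keyed first by evidence (the cookie name) and then by code location, so 1000 per-session cookie names set from one line yield 1000 findings under the first scheme but a single finding under the second, plus one more for a genuinely separate location. The `CookieFinding` record, the class and method names and the `INSECURE_COOKIE` type string are assumptions, not values taken from the PR.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.HexFormat;
import java.util.List;
import java.util.Set;
import java.util.function.Function;

/** Constructed stand-in for an IAST cookie finding: where it was raised and which cookie was seen. */
record CookieFinding(String type, String className, String method, int line, String cookieName) {}

public class CookieDedupDemo {
    /** Evidence-based key: the cookie name is part of the hash, so every new name is a new finding. */
    static String evidenceHash(CookieFinding f) {
        return sha256(f.type() + "|" + f.cookieName());
    }

    /** Location-based key: only type and code location are hashed, so findings from one line collapse. */
    static String locationHash(CookieFinding f) {
        return sha256(f.type() + "|" + f.className() + "|" + f.method() + "|" + f.line());
    }

    /** Number of findings that survive deduplication under the given hash function. */
    static int countDistinct(List<CookieFinding> findings, Function<CookieFinding, String> hasher) {
        Set<String> seen = new HashSet<>();
        for (CookieFinding f : findings) seen.add(hasher.apply(f));
        return seen.size();
    }

    static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: one handler sets a cookie whose name is derived from the session, so the
        // name changes on every request while the vulnerable line does not. The type string and the
        // class/method names are placeholders, not values taken from the PR.
        List<CookieFinding> findings = new ArrayList<>();
        for (int request = 0; request < 1000; request++) {
            findings.add(new CookieFinding("INSECURE_COOKIE", "com.example.LoginServlet", "doPost", 42, "session_" + request));
        }
        // A second, genuinely different location must still be reported on its own.
        findings.add(new CookieFinding("INSECURE_COOKIE", "com.example.CartServlet", "doGet", 17, "cart"));
        System.out.println("distinct findings by evidence: " + countDistinct(findings, CookieDedupDemo::evidenceHash));
        System.out.println("distinct findings by location: " + countDistinct(findings, CookieDedupDemo::locationHash));
    }
}
```

Compile and run with a JDK 17 or newer (the record and `HexFormat` need it); the location-keyed count stays bounded by the number of vulnerable code sites rather than growing with traffic.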