Exclude net.jodah.failsafe from IAST #6200
Merged
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 cases.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead and break down per module); candidate=1.24.0-SNAPSHOT~38c994e825, baseline=1.24.0-SNAPSHOT~3fb888b81b]

Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 22 cases.
[Gantt charts: request duration reports [CI 0.99] for insecure-bank and petclinic; candidate=1.24.0-SNAPSHOT~38c994e825, baseline=1.24.0-SNAPSHOT~3fb888b81b]
manuel-alvarez-alvarez approved these changes on Nov 13, 2023
What Does This Do
Exclude net.jodah.failsafe.* from IAST instrumentation.
Motivation
Leads to weak randomness false positive, and it is unlikely we find other vulnerabilities here, so avoid the performance overhead.
Additional Notes
Jira ticket: APPSEC-12195