Collect common WAF request header values by default #7010
Merged: manuel-alvarez-alvarez merged 1 commit into master from malvarez/asm-extra-header-collection, May 13, 2024
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 50 metrics, 13 unstable metrics.
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
[Gantt chart: insecure-bank - break down per module: candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
[Gantt chart: petclinic - break down per module: candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~4f60289bc2, baseline=1.35.0-SNAPSHOT~f6f57a6190]
a78d34c to 20660ea
743e1b1 to 657a875
smola approved these changes May 13, 2024
2f79a56 to 5d13bee
ab74adc to 4f60289
What Does This Do
Collect common WAF request header values by default
Motivation
https://docs.google.com/document/d/1xf-s6PtSr6heZxmO_QLUtcFzY_X_rT94lRXNq6-Ghws/edit
Additional Notes
Jira ticket: APPSEC-51375