Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply appsec rate limiter on event instead of when request end #7221

Merged
merged 7 commits into from
Jun 26, 2024
Merged

Apply appsec rate limiter on event instead of when request end #7221

merged 7 commits into from
Jun 26, 2024
+171 −134

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented Jun 19, 2024
edited
Loading

What Does This Do

  • check rate limiter once per request
  • only waf events are rate limited

Motivation

We need to propagate sampling decision on appsec event, not on request end

Additional Notes

Jira ticket: [PROJ-IDENT]

@pr-commenter
Copy link

pr-commenter bot commented Jun 19, 2024
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/appsec_rate_limiter_on_event
git_commit_date 1719309238 1719315372
git_commit_sha d19ceac 354ccb5
release_version 1.36.0-SNAPSHOT~d19ceac03e 1.36.0-SNAPSHOT~354ccb526a
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1719318461 1719318461
ci_job_id 552516977 552516977
ci_pipeline_id 37494755 37494755
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 51 metrics, 12 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.073 s) : 0, 1073184
Total [baseline] (10.368 s) : 0, 10368315
Agent [candidate] (1.07 s) : 0, 1070443
Total [candidate] (10.366 s) : 0, 10365564
section appsec
Agent [baseline] (1.194 s) : 0, 1194263
Total [baseline] (10.526 s) : 0, 10526013
Agent [candidate] (1.193 s) : 0, 1193382
Total [candidate] (10.518 s) : 0, 10517625
section iast
Agent [baseline] (1.171 s) : 0, 1171097
Total [baseline] (10.673 s) : 0, 10673139
Agent [candidate] (1.181 s) : 0, 1181422
Total [candidate] (10.795 s) : 0, 10795051
section profiling
Agent [baseline] (1.263 s) : 0, 1263327
Total [baseline] (10.64 s) : 0, 10640367
Agent [candidate] (1.262 s) : 0, 1262120
Total [candidate] (10.642 s) : 0, 10642384
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.073 s -
Agent appsec 1.194 s 121.079 ms (11.3%)
Agent iast 1.171 s 97.913 ms (9.1%)
Agent profiling 1.263 s 190.143 ms (17.7%)
Total tracing 10.368 s -
Total appsec 10.526 s 157.698 ms (1.5%)
Total iast 10.673 s 304.824 ms (2.9%)
Total profiling 10.64 s 272.052 ms (2.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.07 s -
Agent appsec 1.193 s 122.939 ms (11.5%)
Agent iast 1.181 s 110.978 ms (10.4%)
Agent profiling 1.262 s 191.677 ms (17.9%)
Total tracing 10.366 s -
Total appsec 10.518 s 152.061 ms (1.5%)
Total iast 10.795 s 429.487 ms (4.1%)
Total profiling 10.642 s 276.82 ms (2.7%) 
gantt
    title petclinic - break down per module: candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (671.192 ms) : 0, 671192
BytebuddyAgent [candidate] (671.444 ms) : 0, 671444
GlobalTracer [baseline] (308.193 ms) : 0, 308193
GlobalTracer [candidate] (305.86 ms) : 0, 305860
AppSec [baseline] (50.696 ms) : 0, 50696
AppSec [candidate] (50.105 ms) : 0, 50105
Remote Config [baseline] (693.014 µs) : 0, 693
Remote Config [candidate] (687.035 µs) : 0, 687
Telemetry [baseline] (7.741 ms) : 0, 7741
Telemetry [candidate] (7.555 ms) : 0, 7555
section appsec
BytebuddyAgent [baseline] (683.393 ms) : 0, 683393
BytebuddyAgent [candidate] (682.942 ms) : 0, 682942
GlobalTracer [baseline] (300.541 ms) : 0, 300541
GlobalTracer [candidate] (300.444 ms) : 0, 300444
AppSec [baseline] (154.175 ms) : 0, 154175
AppSec [candidate] (154.854 ms) : 0, 154854
Remote Config [baseline] (645.285 µs) : 0, 645
Remote Config [candidate] (648.133 µs) : 0, 648
Telemetry [baseline] (9.538 ms) : 0, 9538
Telemetry [candidate] (8.915 ms) : 0, 8915
IAST [baseline] (22.425 ms) : 0, 22425
IAST [candidate] (21.342 ms) : 0, 21342
section iast
BytebuddyAgent [baseline] (780.262 ms) : 0, 780262
BytebuddyAgent [candidate] (790.667 ms) : 0, 790667
GlobalTracer [baseline] (293.344 ms) : 0, 293344
GlobalTracer [candidate] (295.959 ms) : 0, 295959
AppSec [baseline] (47.153 ms) : 0, 47153
AppSec [candidate] (47.447 ms) : 0, 47447
Remote Config [baseline] (598.015 µs) : 0, 598
Remote Config [candidate] (632.824 µs) : 0, 633
Telemetry [baseline] (7.625 ms) : 0, 7625
Telemetry [candidate] (7.046 ms) : 0, 7046
IAST [baseline] (28.791 ms) : 0, 28791
IAST [candidate] (26.157 ms) : 0, 26157
section profiling
ProfilingAgent [baseline] (96.911 ms) : 0, 96911
ProfilingAgent [candidate] (96.002 ms) : 0, 96002
BytebuddyAgent [baseline] (663.517 ms) : 0, 663517
BytebuddyAgent [candidate] (663.237 ms) : 0, 663237
GlobalTracer [baseline] (386.091 ms) : 0, 386091
GlobalTracer [candidate] (386.435 ms) : 0, 386435
AppSec [baseline] (51.711 ms) : 0, 51711
AppSec [candidate] (51.353 ms) : 0, 51353
Remote Config [baseline] (741.554 µs) : 0, 742
Remote Config [candidate] (728.147 µs) : 0, 728
Telemetry [baseline] (7.419 ms) : 0, 7419
Telemetry [candidate] (7.361 ms) : 0, 7361
Profiling [baseline] (96.936 ms) : 0, 96936
Profiling [candidate] (96.028 ms) : 0, 96028
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.064 s) : 0, 1063741
Total [baseline] (8.548 s) : 0, 8547827
Agent [candidate] (1.061 s) : 0, 1060639
Total [candidate] (8.535 s) : 0, 8534868
section iast
Agent [baseline] (1.17 s) : 0, 1170416
Total [baseline] (8.995 s) : 0, 8995013
Agent [candidate] (1.182 s) : 0, 1182060
Total [candidate] (9.049 s) : 0, 9049374
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.182 s) : 0, 1181745
Total [baseline] (9.032 s) : 0, 9032191
Agent [candidate] (1.18 s) : 0, 1180058
Total [candidate] (8.989 s) : 0, 8988870
section iast_TELEMETRY_OFF
Agent [baseline] (1.165 s) : 0, 1164843
Total [baseline] (9.029 s) : 0, 9029354
Agent [candidate] (1.17 s) : 0, 1169516
Total [candidate] (9.018 s) : 0, 9017905
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.17 s 106.675 ms (10.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.182 s 118.004 ms (11.1%)
Agent iast_TELEMETRY_OFF 1.165 s 101.101 ms (9.5%)
Total tracing 8.548 s -
Total iast 8.995 s 447.186 ms (5.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.032 s 484.364 ms (5.7%)
Total iast_TELEMETRY_OFF 9.029 s 481.527 ms (5.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.061 s -
Agent iast 1.182 s 121.421 ms (11.4%)
Agent iast_HARDCODED_SECRET_DISABLED 1.18 s 119.419 ms (11.3%)
Agent iast_TELEMETRY_OFF 1.17 s 108.876 ms (10.3%)
Total tracing 8.535 s -
Total iast 9.049 s 514.506 ms (6.0%)
Total iast_HARDCODED_SECRET_DISABLED 8.989 s 454.002 ms (5.3%)
Total iast_TELEMETRY_OFF 9.018 s 483.037 ms (5.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (666.753 ms) : 0, 666753
BytebuddyAgent [candidate] (664.701 ms) : 0, 664701
GlobalTracer [baseline] (304.172 ms) : 0, 304172
GlobalTracer [candidate] (303.378 ms) : 0, 303378
AppSec [baseline] (50.126 ms) : 0, 50126
AppSec [candidate] (49.944 ms) : 0, 49944
Remote Config [baseline] (690.813 µs) : 0, 691
Remote Config [candidate] (685.231 µs) : 0, 685
Telemetry [baseline] (7.569 ms) : 0, 7569
Telemetry [candidate] (7.651 ms) : 0, 7651
section iast
BytebuddyAgent [baseline] (782.184 ms) : 0, 782184
BytebuddyAgent [candidate] (787.697 ms) : 0, 787697
GlobalTracer [baseline] (293.142 ms) : 0, 293142
GlobalTracer [candidate] (296.958 ms) : 0, 296958
AppSec [baseline] (46.943 ms) : 0, 46943
AppSec [candidate] (47.541 ms) : 0, 47541
Remote Config [baseline] (644.7 µs) : 0, 645
Remote Config [candidate] (658.274 µs) : 0, 658
Telemetry [baseline] (6.983 ms) : 0, 6983
Telemetry [candidate] (6.897 ms) : 0, 6897
IAST [baseline] (27.234 ms) : 0, 27234
IAST [candidate] (28.911 ms) : 0, 28911
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (788.439 ms) : 0, 788439
BytebuddyAgent [candidate] (786.884 ms) : 0, 786884
GlobalTracer [baseline] (296.519 ms) : 0, 296519
GlobalTracer [candidate] (296.525 ms) : 0, 296525
AppSec [baseline] (47.86 ms) : 0, 47860
AppSec [candidate] (47.554 ms) : 0, 47554
Remote Config [baseline] (640.283 µs) : 0, 640
Remote Config [candidate] (607.442 µs) : 0, 607
Telemetry [baseline] (7.143 ms) : 0, 7143
Telemetry [candidate] (7.622 ms) : 0, 7622
IAST [baseline] (27.688 ms) : 0, 27688
IAST [candidate] (27.415 ms) : 0, 27415
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (776.205 ms) : 0, 776205
BytebuddyAgent [candidate] (779.344 ms) : 0, 779344
GlobalTracer [baseline] (292.991 ms) : 0, 292991
GlobalTracer [candidate] (294.111 ms) : 0, 294111
AppSec [baseline] (47.253 ms) : 0, 47253
AppSec [candidate] (47.052 ms) : 0, 47052
Remote Config [baseline] (592.45 µs) : 0, 592
Remote Config [candidate] (596.018 µs) : 0, 596
Telemetry [baseline] (7.579 ms) : 0, 7579
Telemetry [candidate] (9.192 ms) : 0, 9192
IAST [baseline] (26.886 ms) : 0, 26886
IAST [candidate] (25.848 ms) : 0, 25848
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-06-25T11:58:26 2024-06-25T12:05:16
git_branch master alejandro.gonzalez/appsec_rate_limiter_on_event
git_commit_date 1719309238 1719315372
git_commit_sha d19ceac 354ccb5
release_version 1.36.0-SNAPSHOT~d19ceac03e 1.36.0-SNAPSHOT~354ccb526a
start_time 2024-06-25T11:58:12 2024-06-25T12:05:03
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1719317461 1719317461
ci_job_id 552516978 552516978
ci_pipeline_id 37494755 37494755
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.341 ms) : 1322, 1360
.   : milestone, 1341,
appsec (1.713 ms) : 1688, 1738
.   : milestone, 1713,
appsec_no_iast (1.721 ms) : 1696, 1746
.   : milestone, 1721,
iast (1.493 ms) : 1470, 1516
.   : milestone, 1493,
profiling (1.532 ms) : 1506, 1557
.   : milestone, 1532,
tracing (1.481 ms) : 1457, 1504
.   : milestone, 1481,
section candidate
no_agent (1.352 ms) : 1333, 1371
.   : milestone, 1352,
appsec (1.72 ms) : 1696, 1743
.   : milestone, 1720,
appsec_no_iast (1.708 ms) : 1683, 1733
.   : milestone, 1708,
iast (1.491 ms) : 1469, 1513
.   : milestone, 1491,
profiling (1.484 ms) : 1459, 1509
.   : milestone, 1484,
tracing (1.465 ms) : 1441, 1489
.   : milestone, 1465,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.341 ms [1.322 ms, 1.36 ms] -
appsec 1.713 ms [1.688 ms, 1.738 ms] 371.719 µs (27.7%)
appsec_no_iast 1.721 ms [1.696 ms, 1.746 ms] 379.938 µs (28.3%)
iast 1.493 ms [1.47 ms, 1.516 ms] 151.425 µs (11.3%)
profiling 1.532 ms [1.506 ms, 1.557 ms] 190.348 µs (14.2%)
tracing 1.481 ms [1.457 ms, 1.504 ms] 139.707 µs (10.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.352 ms [1.333 ms, 1.371 ms] -
appsec 1.72 ms [1.696 ms, 1.743 ms] 368.125 µs (27.2%)
appsec_no_iast 1.708 ms [1.683 ms, 1.733 ms] 356.709 µs (26.4%)
iast 1.491 ms [1.469 ms, 1.513 ms] 139.426 µs (10.3%)
profiling 1.484 ms [1.459 ms, 1.509 ms] 132.331 µs (9.8%)
tracing 1.465 ms [1.441 ms, 1.489 ms] 113.373 µs (8.4%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e
    dateFormat X
    axisFormat %s
section baseline
no_agent (367.33 µs) : 347, 387
.   : milestone, 367,
iast (488.603 µs) : 467, 510
.   : milestone, 489,
iast_FULL (557.507 µs) : 536, 579
.   : milestone, 558,
iast_GLOBAL (507.542 µs) : 485, 530
.   : milestone, 508,
iast_HARDCODED_SECRET_DISABLED (481.183 µs) : 460, 503
.   : milestone, 481,
iast_INACTIVE (453.92 µs) : 433, 475
.   : milestone, 454,
iast_TELEMETRY_OFF (469.775 µs) : 449, 491
.   : milestone, 470,
tracing (443.775 µs) : 423, 465
.   : milestone, 444,
section candidate
no_agent (376.018 µs) : 355, 397
.   : milestone, 376,
iast (481.07 µs) : 460, 503
.   : milestone, 481,
iast_FULL (551.829 µs) : 530, 573
.   : milestone, 552,
iast_GLOBAL (508.196 µs) : 486, 530
.   : milestone, 508,
iast_HARDCODED_SECRET_DISABLED (479.964 µs) : 458, 502
.   : milestone, 480,
iast_INACTIVE (456.041 µs) : 434, 478
.   : milestone, 456,
iast_TELEMETRY_OFF (470.525 µs) : 449, 492
.   : milestone, 471,
tracing (439.607 µs) : 419, 460
.   : milestone, 440,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 367.33 µs [347.34 µs, 387.32 µs] -
iast 488.603 µs [467.236 µs, 509.97 µs] 121.273 µs (33.0%)
iast_FULL 557.507 µs [536.354 µs, 578.66 µs] 190.177 µs (51.8%)
iast_GLOBAL 507.542 µs [485.339 µs, 529.744 µs] 140.212 µs (38.2%)
iast_HARDCODED_SECRET_DISABLED 481.183 µs [459.774 µs, 502.591 µs] 113.853 µs (31.0%)
iast_INACTIVE 453.92 µs [432.501 µs, 475.339 µs] 86.59 µs (23.6%)
iast_TELEMETRY_OFF 469.775 µs [448.627 µs, 490.923 µs] 102.445 µs (27.9%)
tracing 443.775 µs [422.583 µs, 464.968 µs] 76.445 µs (20.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 376.018 µs [355.0 µs, 397.036 µs] -
iast 481.07 µs [459.624 µs, 502.515 µs] 105.052 µs (27.9%)
iast_FULL 551.829 µs [530.463 µs, 573.196 µs] 175.811 µs (46.8%)
iast_GLOBAL 508.196 µs [486.251 µs, 530.141 µs] 132.178 µs (35.2%)
iast_HARDCODED_SECRET_DISABLED 479.964 µs [458.122 µs, 501.805 µs] 103.946 µs (27.6%)
iast_INACTIVE 456.041 µs [434.456 µs, 477.626 µs] 80.023 µs (21.3%)
iast_TELEMETRY_OFF 470.525 µs [449.237 µs, 491.813 µs] 94.507 µs (25.1%)
tracing 439.607 µs [419.31 µs, 459.903 µs] 63.589 µs (16.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/appsec_rate_limiter_on_event
git_commit_date 1719309238 1719315372
git_commit_sha d19ceac 354ccb5
release_version 1.36.0-SNAPSHOT~d19ceac03e 1.36.0-SNAPSHOT~354ccb526a
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1719317997 1719317997
ci_job_id 552516979 552516979
ci_pipeline_id 37494755 37494755
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.641 s) : 15641000, 15641000
.   : milestone, 15641000,
appsec (15.14 s) : 15140000, 15140000
.   : milestone, 15140000,
iast (18.485 s) : 18485000, 18485000
.   : milestone, 18485000,
iast_GLOBAL (18.01 s) : 18010000, 18010000
.   : milestone, 18010000,
profiling (15.161 s) : 15161000, 15161000
.   : milestone, 15161000,
tracing (15.207 s) : 15207000, 15207000
.   : milestone, 15207000,
section candidate
no_agent (15.154 s) : 15154000, 15154000
.   : milestone, 15154000,
appsec (14.955 s) : 14955000, 14955000
.   : milestone, 14955000,
iast (19.049 s) : 19049000, 19049000
.   : milestone, 19049000,
iast_GLOBAL (18.001 s) : 18001000, 18001000
.   : milestone, 18001000,
profiling (14.806 s) : 14806000, 14806000
.   : milestone, 14806000,
tracing (15.276 s) : 15276000, 15276000
.   : milestone, 15276000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.641 s [15.641 s, 15.641 s] -
appsec 15.14 s [15.14 s, 15.14 s] -501.0 ms (-3.2%)
iast 18.485 s [18.485 s, 18.485 s] 2.844 s (18.2%)
iast_GLOBAL 18.01 s [18.01 s, 18.01 s] 2.369 s (15.1%)
profiling 15.161 s [15.161 s, 15.161 s] -480.0 ms (-3.1%)
tracing 15.207 s [15.207 s, 15.207 s] -434.0 ms (-2.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.154 s [15.154 s, 15.154 s] -
appsec 14.955 s [14.955 s, 14.955 s] -199.0 ms (-1.3%)
iast 19.049 s [19.049 s, 19.049 s] 3.895 s (25.7%)
iast_GLOBAL 18.001 s [18.001 s, 18.001 s] 2.847 s (18.8%)
profiling 14.806 s [14.806 s, 14.806 s] -348.0 ms (-2.3%)
tracing 15.276 s [15.276 s, 15.276 s] 122.0 ms (0.8%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~354ccb526a, baseline=1.36.0-SNAPSHOT~d19ceac03e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.46 ms) : 1448, 1471
.   : milestone, 1460,
appsec (2.202 ms) : 2168, 2236
.   : milestone, 2202,
iast (1.978 ms) : 1936, 2020
.   : milestone, 1978,
iast_GLOBAL (1.997 ms) : 1956, 2038
.   : milestone, 1997,
profiling (1.859 ms) : 1825, 1893
.   : milestone, 1859,
tracing (1.833 ms) : 1801, 1865
.   : milestone, 1833,
section candidate
no_agent (1.466 ms) : 1454, 1477
.   : milestone, 1466,
appsec (2.225 ms) : 2190, 2259
.   : milestone, 2225,
iast (1.971 ms) : 1930, 2013
.   : milestone, 1971,
iast_GLOBAL (2.005 ms) : 1964, 2046
.   : milestone, 2005,
profiling (1.855 ms) : 1820, 1889
.   : milestone, 1855,
tracing (1.833 ms) : 1801, 1865
.   : milestone, 1833,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.46 ms [1.448 ms, 1.471 ms] -
appsec 2.202 ms [2.168 ms, 2.236 ms] 742.032 µs (50.8%)
iast 1.978 ms [1.936 ms, 2.02 ms] 517.994 µs (35.5%)
iast_GLOBAL 1.997 ms [1.956 ms, 2.038 ms] 537.368 µs (36.8%)
profiling 1.859 ms [1.825 ms, 1.893 ms] 399.441 µs (27.4%)
tracing 1.833 ms [1.801 ms, 1.865 ms] 373.278 µs (25.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.466 ms [1.454 ms, 1.477 ms] -
appsec 2.225 ms [2.19 ms, 2.259 ms] 758.808 µs (51.8%)
iast 1.971 ms [1.93 ms, 2.013 ms] 505.541 µs (34.5%)
iast_GLOBAL 2.005 ms [1.964 ms, 2.046 ms] 538.818 µs (36.8%)
profiling 1.855 ms [1.82 ms, 1.889 ms] 389.049 µs (26.5%)
tracing 1.833 ms [1.801 ms, 1.865 ms] 367.409 µs (25.1%)

@jandro996 jandro996 force-pushed the alejandro.gonzalez/appsec_rate_limiter_on_event branch from fa07efa to f0ce538 Compare June 21, 2024 06:31
@jandro996 jandro996 marked this pull request as ready for review June 21, 2024 07:50
@jandro996 jandro996 requested a review from a team as a code owner June 21, 2024 07:50
@jandro996 jandro996 assigned jandro996 and unassigned jandro996 Jun 21, 2024
@jandro996 jandro996 requested a review from smola June 21, 2024 07:50
@jandro996 jandro996 added the comp: asm waf Application Security Management (WAF) label Jun 21, 2024
@jandro996 jandro996 requested a review from smola June 21, 2024 11:21
@jandro996 jandro996 force-pushed the alejandro.gonzalez/appsec_rate_limiter_on_event branch from 612a1d0 to 4960298 Compare June 21, 2024 11:23
@jandro996 jandro996 requested a review from smola June 24, 2024 11:33
@ValentinZakharov
Copy link
Contributor

ValentinZakharov commented Jun 25, 2024
edited
Loading

Can we rename ReteLimiter to WafRateLimiter and move it to com.datadog.appsec.powerwaf to emphasise it's purpose?

ValentinZakharov
ValentinZakharov reviewed Jun 25, 2024
View reviewed changes
dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java Outdated
@@ -41,6 +41,7 @@ public class AppSecSystem {
private static AppSecConfigServiceImpl APP_SEC_CONFIG_SERVICE;
private static ReplaceableEventProducerService REPLACEABLE_EVENT_PRODUCER; // testing
private static Runnable RESET_SUBSCRIPTION_SERVICE;
private static RateLimiter RATE_LIMITER; // static for testing purpose
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any particular reason to keep RateLimiter in AppSecSystem?
I'd rather move it into PowerWAFModule 🤔

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've moved the RateLimiter to PowerWafModule

@jandro996 jandro996 merged commit 04cda74 into master Jun 26, 2024
82 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/appsec_rate_limiter_on_event branch June 26, 2024 05:55
@github-actions github-actions bot added this to the 1.36.0 milestone Jun 26, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez mentioned this pull request Jun 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@ValentinZakharov ValentinZakharov ValentinZakharov approved these changes

Assignees

@jandro996 jandro996

Labels
comp: asm waf Application Security Management (WAF)
Projects
None yet
Milestone
1.36.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jandro996 @ValentinZakharov @smola @manuel-alvarez-alvarez