Extract Jersey json body response schemas #9014

Draft: wants to merge 3 commits into base: malvarez/vertx-response-extraction

jandro996
Member

What Does This Do

Adds response body extraction for Jersey JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF).

Motivation

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

jandro996 added labels type: enhancement; inst: jax-ws (JAX-WS instrumentation); comp: asm waf (Application Security Management (WAF)) on Jun 20, 2025
jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 3c78ad2 to 2aeb457 on June 20, 2025 07:14
pr-commenter bot commented Jun 20, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750407702 1750416401
git_commit_sha 6db7d82 db385e8
release_version 1.50.0-SNAPSHOT~6db7d82c6e 1.50.0-SNAPSHOT~db385e8686
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750418094 1750418094
ci_job_id 991023741 991023741
ci_pipeline_id 68297860 68297860
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-emldojjo-project-304-concurrent-0-gdqu3gcv 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-emldojjo-project-304-concurrent-0-gdqu3gcv 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 41 metrics, 11 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:startup:petclinic:profiling:AppSec | worse [+2.245ms; +3.477ms] or [+3.633%; +5.625%] | 64.664ms | 61.803ms |

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.027 s) : 0, 1027117
Total [baseline] (8.569 s) : 0, 8569163
Agent [candidate] (1.028 s) : 0, 1028051
Total [candidate] (8.537 s) : 0, 8537472
section iast
Agent [baseline] (1.154 s) : 0, 1154020
Total [baseline] (9.215 s) : 0, 9215124
Agent [candidate] (1.157 s) : 0, 1156924
Total [candidate] (9.247 s) : 0, 9246735
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.027 s -
Agent iast 1.154 s 126.903 ms (12.4%)
Total tracing 8.569 s -
Total iast 9.215 s 645.961 ms (7.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.028 s -
Agent iast 1.157 s 128.873 ms (12.5%)
Total tracing 8.537 s -
Total iast 9.247 s 709.263 ms (8.3%)
gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.179 ms) : 0, 687179
BytebuddyAgent [candidate] (684.578 ms) : 0, 684578
GlobalTracer [baseline] (241.508 ms) : 0, 241508
GlobalTracer [candidate] (241.175 ms) : 0, 241175
AppSec [baseline] (57.874 ms) : 0, 57874
AppSec [candidate] (58.595 ms) : 0, 58595
Debugger [baseline] (7.906 ms) : 0, 7906
Debugger [candidate] (6.97 ms) : 0, 6970
Remote Config [baseline] (668.004 µs) : 0, 668
Remote Config [candidate] (673.231 µs) : 0, 673
Telemetry [baseline] (11.121 ms) : 0, 11121
Telemetry [candidate] (12.621 ms) : 0, 12621
section iast
BytebuddyAgent [baseline] (806.986 ms) : 0, 806986
BytebuddyAgent [candidate] (805.408 ms) : 0, 805408
GlobalTracer [baseline] (232.094 ms) : 0, 232094
GlobalTracer [candidate] (231.778 ms) : 0, 231778
AppSec [baseline] (50.748 ms) : 0, 50748
AppSec [candidate] (53.951 ms) : 0, 53951
Debugger [baseline] (5.977 ms) : 0, 5977
Debugger [candidate] (5.968 ms) : 0, 5968
Remote Config [baseline] (601.382 µs) : 0, 601
Remote Config [candidate] (582.435 µs) : 0, 582
Telemetry [baseline] (8.277 ms) : 0, 8277
Telemetry [candidate] (7.877 ms) : 0, 7877
IAST [baseline] (28.551 ms) : 0, 28551
IAST [candidate] (27.893 ms) : 0, 27893
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.026 s) : 0, 1026183
Total [baseline] (10.7 s) : 0, 10699585
Agent [candidate] (1.038 s) : 0, 1037576
Total [candidate] (10.652 s) : 0, 10651639
section appsec
Agent [baseline] (1.2 s) : 0, 1200358
Total [baseline] (10.831 s) : 0, 10831380
Agent [candidate] (1.183 s) : 0, 1182511
Total [candidate] (10.715 s) : 0, 10714984
section iast
Agent [baseline] (1.163 s) : 0, 1162562
Total [baseline] (10.839 s) : 0, 10838545
Agent [candidate] (1.166 s) : 0, 1166335
Total [candidate] (10.925 s) : 0, 10924561
section profiling
Agent [baseline] (1.27 s) : 0, 1270462
Total [baseline] (11.02 s) : 0, 11020423
Agent [candidate] (1.272 s) : 0, 1272447
Total [candidate] (10.893 s) : 0, 10892941
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent appsec 1.2 s 174.176 ms (17.0%)
Agent iast 1.163 s 136.38 ms (13.3%)
Agent profiling 1.27 s 244.28 ms (23.8%)
Total tracing 10.7 s -
Total appsec 10.831 s 131.795 ms (1.2%)
Total iast 10.839 s 138.96 ms (1.3%)
Total profiling 11.02 s 320.838 ms (3.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.038 s -
Agent appsec 1.183 s 144.935 ms (14.0%)
Agent iast 1.166 s 128.759 ms (12.4%)
Agent profiling 1.272 s 234.871 ms (22.6%)
Total tracing 10.652 s -
Total appsec 10.715 s 63.345 ms (0.6%)
Total iast 10.925 s 272.922 ms (2.6%)
Total profiling 10.893 s 241.303 ms (2.3%)
gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (686.95 ms) : 0, 686950
BytebuddyAgent [candidate] (691.631 ms) : 0, 691631
GlobalTracer [baseline] (242.125 ms) : 0, 242125
GlobalTracer [candidate] (242.996 ms) : 0, 242996
AppSec [baseline] (59.381 ms) : 0, 59381
AppSec [candidate] (61.977 ms) : 0, 61977
Debugger [baseline] (7.114 ms) : 0, 7114
Debugger [candidate] (6.252 ms) : 0, 6252
Remote Config [baseline] (668.832 µs) : 0, 669
Remote Config [candidate] (680.3 µs) : 0, 680
Telemetry [baseline] (8.999 ms) : 0, 8999
Telemetry [candidate] (10.398 ms) : 0, 10398
section appsec
BytebuddyAgent [baseline] (725.393 ms) : 0, 725393
BytebuddyAgent [candidate] (708.163 ms) : 0, 708163
GlobalTracer [baseline] (240.171 ms) : 0, 240171
GlobalTracer [candidate] (235.59 ms) : 0, 235590
AppSec [baseline] (177.219 ms) : 0, 177219
AppSec [candidate] (179.727 ms) : 0, 179727
Debugger [baseline] (5.984 ms) : 0, 5984
Debugger [candidate] (5.847 ms) : 0, 5847
Remote Config [baseline] (639.468 µs) : 0, 639
Remote Config [candidate] (647.02 µs) : 0, 647
Telemetry [baseline] (7.264 ms) : 0, 7264
Telemetry [candidate] (7.273 ms) : 0, 7273
IAST [baseline] (22.532 ms) : 0, 22532
IAST [candidate] (21.772 ms) : 0, 21772
section iast
BytebuddyAgent [baseline] (813.344 ms) : 0, 813344
BytebuddyAgent [candidate] (811.824 ms) : 0, 811824
GlobalTracer [baseline] (233.815 ms) : 0, 233815
GlobalTracer [candidate] (233.118 ms) : 0, 233118
AppSec [baseline] (53.443 ms) : 0, 53443
AppSec [candidate] (55.833 ms) : 0, 55833
Debugger [baseline] (6.014 ms) : 0, 6014
Debugger [candidate] (6.035 ms) : 0, 6035
Remote Config [baseline] (619.088 µs) : 0, 619
Remote Config [candidate] (618.646 µs) : 0, 619
Telemetry [baseline] (8.102 ms) : 0, 8102
Telemetry [candidate] (7.985 ms) : 0, 7985
IAST [baseline] (26.252 ms) : 0, 26252
IAST [candidate] (27.354 ms) : 0, 27354
section profiling
ProfilingAgent [baseline] (105.041 ms) : 0, 105041
ProfilingAgent [candidate] (107.493 ms) : 0, 107493
BytebuddyAgent [baseline] (678.391 ms) : 0, 678391
BytebuddyAgent [candidate] (675.112 ms) : 0, 675112
GlobalTracer [baseline] (361.587 ms) : 0, 361587
GlobalTracer [candidate] (359.288 ms) : 0, 359288
AppSec [baseline] (61.803 ms) : 0, 61803
AppSec [candidate] (64.664 ms) : 0, 64664
Debugger [baseline] (6.136 ms) : 0, 6136
Debugger [candidate] (6.257 ms) : 0, 6257
Remote Config [baseline] (701.369 µs) : 0, 701
Remote Config [candidate] (674.806 µs) : 0, 675
Telemetry [baseline] (8.229 ms) : 0, 8229
Telemetry [candidate] (8.245 ms) : 0, 8245
Profiling [baseline] (105.066 ms) : 0, 105066
Profiling [candidate] (107.519 ms) : 0, 107519

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-06-20T10:55:06 2025-06-20T11:02:09
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750407702 1750416401
git_commit_sha 6db7d82 db385e8
release_version 1.50.0-SNAPSHOT~6db7d82c6e 1.50.0-SNAPSHOT~db385e8686
start_time 2025-06-20T10:54:52 2025-06-20T11:01:55
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750417961 1750417961
ci_job_id 991023742 991023742
ci_pipeline_id 68297860 68297860
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-emldojjo-project-304-concurrent-1-raxakna3 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-emldojjo-project-304-concurrent-1-raxakna3 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
thresholds_or_results results results
variant iast iast

Summary

Found 2 performance improvements and 3 performance regressions! Performance is the same for 3 metrics, 8 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:petclinic:code_origins | worse [+6.997ms; +7.565ms] or [+22.300%; +24.110%] | unstable [-44.382op/s; -3.733op/s] or [-30.335%; -2.551%] | 38.657ms | 122.250op/s | 31.376ms | 146.308op/s |
| scenario:load:petclinic:iast | worse [+20.997ms; +21.471ms] or [+199.434%; +203.933%] | worse [-342.676op/s; -296.976op/s] or [-72.957%; -63.227%] | 31.762ms | 149.870op/s | 10.528ms | 469.695op/s |
| scenario:load:petclinic:no_agent | better [-1.879ms; -1.810ms] or [-19.586%; -18.873%] | better [+93.582op/s; +144.001op/s] or [+18.132%; +27.900%] | 7.748ms | 634.921op/s | 9.592ms | 516.129op/s |

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750407702 1750416401
git_commit_sha 6db7d82 db385e8
release_version 1.50.0-SNAPSHOT~6db7d82c6e 1.50.0-SNAPSHOT~db385e8686
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1750418407 1750418407
ci_job_id 991023743 991023743
ci_pipeline_id 68297860 68297860
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-ryqa4trd-project-304-concurrent-0-dk0wtihk 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-ryqa4trd-project-304-concurrent-0-dk0wtihk 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1464, 1487
.   : milestone, 1475,
appsec (2.406 ms) : 2358, 2455
.   : milestone, 2406,
iast (2.181 ms) : 2120, 2242
.   : milestone, 2181,
iast_GLOBAL (2.233 ms) : 2172, 2295
.   : milestone, 2233,
profiling (2.04 ms) : 1990, 2090
.   : milestone, 2040,
tracing (2.005 ms) : 1958, 2053
.   : milestone, 2005,
section candidate
no_agent (1.476 ms) : 1464, 1488
.   : milestone, 1476,
appsec (2.406 ms) : 2357, 2455
.   : milestone, 2406,
iast (2.2 ms) : 2138, 2262
.   : milestone, 2200,
iast_GLOBAL (2.229 ms) : 2167, 2291
.   : milestone, 2229,
profiling (2.043 ms) : 1993, 2093
.   : milestone, 2043,
tracing (2.008 ms) : 1960, 2056
.   : milestone, 2008,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.464 ms, 1.487 ms] -
appsec 2.406 ms [2.358 ms, 2.455 ms] 931.246 µs (63.1%)
iast 2.181 ms [2.12 ms, 2.242 ms] 705.856 µs (47.8%)
iast_GLOBAL 2.233 ms [2.172 ms, 2.295 ms] 758.185 µs (51.4%)
profiling 2.04 ms [1.99 ms, 2.09 ms] 564.975 µs (38.3%)
tracing 2.005 ms [1.958 ms, 2.053 ms] 530.242 µs (35.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.488 ms] -
appsec 2.406 ms [2.357 ms, 2.455 ms] 929.86 µs (63.0%)
iast 2.2 ms [2.138 ms, 2.262 ms] 723.899 µs (49.0%)
iast_GLOBAL 2.229 ms [2.167 ms, 2.291 ms] 752.618 µs (51.0%)
profiling 2.043 ms [1.993 ms, 2.093 ms] 567.25 µs (38.4%)
tracing 2.008 ms [1.96 ms, 2.056 ms] 531.844 µs (36.0%)
Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~db385e8686, baseline=1.50.0-SNAPSHOT~6db7d82c6e
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.618 s) : 15618000, 15618000
.   : milestone, 15618000,
appsec (14.839 s) : 14839000, 14839000
.   : milestone, 14839000,
iast (18.268 s) : 18268000, 18268000
.   : milestone, 18268000,
iast_GLOBAL (18.053 s) : 18053000, 18053000
.   : milestone, 18053000,
profiling (15.913 s) : 15913000, 15913000
.   : milestone, 15913000,
tracing (14.788 s) : 14788000, 14788000
.   : milestone, 14788000,
section candidate
no_agent (14.987 s) : 14987000, 14987000
.   : milestone, 14987000,
appsec (15.009 s) : 15009000, 15009000
.   : milestone, 15009000,
iast (18.921 s) : 18921000, 18921000
.   : milestone, 18921000,
iast_GLOBAL (18.228 s) : 18228000, 18228000
.   : milestone, 18228000,
profiling (15.332 s) : 15332000, 15332000
.   : milestone, 15332000,
tracing (14.85 s) : 14850000, 14850000
.   : milestone, 14850000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.618 s [15.618 s, 15.618 s] -
appsec 14.839 s [14.839 s, 14.839 s] -779.0 ms (-5.0%)
iast 18.268 s [18.268 s, 18.268 s] 2.65 s (17.0%)
iast_GLOBAL 18.053 s [18.053 s, 18.053 s] 2.435 s (15.6%)
profiling 15.913 s [15.913 s, 15.913 s] 295.0 ms (1.9%)
tracing 14.788 s [14.788 s, 14.788 s] -830.0 ms (-5.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.987 s [14.987 s, 14.987 s] -
appsec 15.009 s [15.009 s, 15.009 s] 22.0 ms (0.1%)
iast 18.921 s [18.921 s, 18.921 s] 3.934 s (26.2%)
iast_GLOBAL 18.228 s [18.228 s, 18.228 s] 3.241 s (21.6%)
profiling 15.332 s [15.332 s, 15.332 s] 345.0 ms (2.3%)
tracing 14.85 s [14.85 s, 14.85 s] -137.0 ms (-0.9%)

jandro996 changed the title from "Extract Jersdey json body response schemas" to "Extract Jersey json body response schemas" on Jun 20, 2025