Skip to content

Extract RestEasy json body response schemas #9015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 3, 2025
Merged

Extract RestEasy json body response schemas #9015

merged 6 commits into from
Jul 3, 2025

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented Jun 20, 2025
edited by jira bot
Loading

What Does This Do

Adds smoke test to probe that response body extraction for RestEasy JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF) was covered with the instrumentation done in #9014

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57916

@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Jun 20, 2025
@pr-commenter
Copy link

pr-commenter bot commented Jun 20, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-resteasy-response-schema
git_commit_date 1751520809 1751522600
git_commit_sha 036f8f1 a511ca0
release_version 1.51.0-SNAPSHOT~036f8f195d 1.51.0-SNAPSHOT~a511ca037f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751524397 1751524397
ci_job_id 1011451487 1011451487
ci_pipeline_id 69521238 69521238
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-k8tnt9h8 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-k8tnt9h8 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 8 unstable metrics.

Startup time reports for insecure-bank
Loading 
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.005 s) : 0, 1004506
Total [baseline] (8.578 s) : 0, 8577897
Agent [candidate] (997.698 ms) : 0, 997698
Total [candidate] (8.581 s) : 0, 8581424
section iast
Agent [baseline] (1.131 s) : 0, 1130614
Total [baseline] (9.278 s) : 0, 9277733
Agent [candidate] (1.134 s) : 0, 1133805
Total [candidate] (9.284 s) : 0, 9284403
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.005 s -
Agent iast 1.131 s 126.107 ms (12.6%)
Total tracing 8.578 s -
Total iast 9.278 s 699.836 ms (8.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 997.698 ms -
Agent iast 1.134 s 136.107 ms (13.6%)
Total tracing 8.581 s -
Total iast 9.284 s 702.979 ms (8.2%)
Loading 
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (694.099 ms) : 0, 694099
BytebuddyAgent [candidate] (689.14 ms) : 0, 689140
GlobalTracer [baseline] (243.796 ms) : 0, 243796
GlobalTracer [candidate] (242.507 ms) : 0, 242507
AppSec [baseline] (30.638 ms) : 0, 30638
AppSec [candidate] (30.325 ms) : 0, 30325
Debugger [baseline] (6.079 ms) : 0, 6079
Debugger [candidate] (6.039 ms) : 0, 6039
Remote Config [baseline] (677.953 µs) : 0, 678
Remote Config [candidate] (678.717 µs) : 0, 679
Telemetry [baseline] (8.257 ms) : 0, 8257
Telemetry [candidate] (8.211 ms) : 0, 8211
section iast
BytebuddyAgent [baseline] (807.418 ms) : 0, 807418
BytebuddyAgent [candidate] (809.551 ms) : 0, 809551
GlobalTracer [baseline] (233.729 ms) : 0, 233729
GlobalTracer [candidate] (233.276 ms) : 0, 233276
IAST [baseline] (27.776 ms) : 0, 27776
IAST [candidate] (27.166 ms) : 0, 27166
AppSec [baseline] (26.611 ms) : 0, 26611
AppSec [candidate] (28.544 ms) : 0, 28544
Debugger [baseline] (5.803 ms) : 0, 5803
Debugger [candidate] (5.836 ms) : 0, 5836
Remote Config [baseline] (596.566 µs) : 0, 597
Remote Config [candidate] (586.741 µs) : 0, 587
Telemetry [baseline] (7.893 ms) : 0, 7893
Telemetry [candidate] (8.041 ms) : 0, 8041
Startup time reports for petclinic
Loading 
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (997.677 ms) : 0, 997677
Total [baseline] (10.644 s) : 0, 10644451
Agent [candidate] (997.331 ms) : 0, 997331
Total [candidate] (10.633 s) : 0, 10632975
section appsec
Agent [baseline] (1.186 s) : 0, 1185699
Total [baseline] (10.747 s) : 0, 10746909
Agent [candidate] (1.177 s) : 0, 1176800
Total [candidate] (10.759 s) : 0, 10759241
section iast
Agent [baseline] (1.134 s) : 0, 1134005
Total [baseline] (10.86 s) : 0, 10859740
Agent [candidate] (1.142 s) : 0, 1141689
Total [candidate] (10.875 s) : 0, 10875278
section profiling
Agent [baseline] (1.247 s) : 0, 1246792
Total [baseline] (11.013 s) : 0, 11013414
Agent [candidate] (1.253 s) : 0, 1252623
Total [candidate] (11.08 s) : 0, 11079832
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 997.677 ms -
Agent appsec 1.186 s 188.022 ms (18.8%)
Agent iast 1.134 s 136.328 ms (13.7%)
Agent profiling 1.247 s 249.115 ms (25.0%)
Total tracing 10.644 s -
Total appsec 10.747 s 102.458 ms (1.0%)
Total iast 10.86 s 215.289 ms (2.0%)
Total profiling 11.013 s 368.963 ms (3.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 997.331 ms -
Agent appsec 1.177 s 179.468 ms (18.0%)
Agent iast 1.142 s 144.358 ms (14.5%)
Agent profiling 1.253 s 255.291 ms (25.6%)
Total tracing 10.633 s -
Total appsec 10.759 s 126.266 ms (1.2%)
Total iast 10.875 s 242.303 ms (2.3%)
Total profiling 11.08 s 446.857 ms (4.2%)
Loading 
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (689.068 ms) : 0, 689068
BytebuddyAgent [candidate] (688.698 ms) : 0, 688698
GlobalTracer [baseline] (242.737 ms) : 0, 242737
GlobalTracer [candidate] (242.398 ms) : 0, 242398
AppSec [baseline] (30.147 ms) : 0, 30147
AppSec [candidate] (30.392 ms) : 0, 30392
Debugger [baseline] (6.011 ms) : 0, 6011
Debugger [candidate] (6.047 ms) : 0, 6047
Remote Config [baseline] (674.453 µs) : 0, 674
Remote Config [candidate] (678.117 µs) : 0, 678
Telemetry [baseline] (8.196 ms) : 0, 8196
Telemetry [candidate] (8.303 ms) : 0, 8303
section appsec
BytebuddyAgent [baseline] (718.202 ms) : 0, 718202
BytebuddyAgent [candidate] (711.667 ms) : 0, 711667
GlobalTracer [baseline] (237.826 ms) : 0, 237826
GlobalTracer [candidate] (236.174 ms) : 0, 236174
IAST [baseline] (22.443 ms) : 0, 22443
IAST [candidate] (22.084 ms) : 0, 22084
AppSec [baseline] (171.672 ms) : 0, 171672
AppSec [candidate] (171.427 ms) : 0, 171427
Debugger [baseline] (5.778 ms) : 0, 5778
Debugger [candidate] (5.798 ms) : 0, 5798
Remote Config [baseline] (626.743 µs) : 0, 627
Remote Config [candidate] (603.785 µs) : 0, 604
Telemetry [baseline] (8.113 ms) : 0, 8113
Telemetry [candidate] (8.18 ms) : 0, 8180
section iast
BytebuddyAgent [baseline] (809.293 ms) : 0, 809293
BytebuddyAgent [candidate] (815.432 ms) : 0, 815432
GlobalTracer [baseline] (233.939 ms) : 0, 233939
GlobalTracer [candidate] (235.017 ms) : 0, 235017
IAST [baseline] (27.136 ms) : 0, 27136
IAST [candidate] (29.896 ms) : 0, 29896
AppSec [baseline] (28.461 ms) : 0, 28461
AppSec [candidate] (26.08 ms) : 0, 26080
Debugger [baseline] (5.801 ms) : 0, 5801
Debugger [candidate] (5.864 ms) : 0, 5864
Remote Config [baseline] (578.801 µs) : 0, 579
Remote Config [candidate] (585.687 µs) : 0, 586
Telemetry [baseline] (7.958 ms) : 0, 7958
Telemetry [candidate] (8.01 ms) : 0, 8010
section profiling
BytebuddyAgent [baseline] (679.2 ms) : 0, 679200
BytebuddyAgent [candidate] (683.218 ms) : 0, 683218
GlobalTracer [baseline] (362.694 ms) : 0, 362694
GlobalTracer [candidate] (362.836 ms) : 0, 362836
AppSec [baseline] (31.045 ms) : 0, 31045
AppSec [candidate] (32.629 ms) : 0, 32629
Debugger [baseline] (12.685 ms) : 0, 12685
Debugger [candidate] (11.19 ms) : 0, 11190
Remote Config [baseline] (665.265 µs) : 0, 665
Remote Config [candidate] (667.332 µs) : 0, 667
Telemetry [baseline] (8.755 ms) : 0, 8755
Telemetry [candidate] (8.728 ms) : 0, 8728
ProfilingAgent [baseline] (103.124 ms) : 0, 103124
ProfilingAgent [candidate] (104.39 ms) : 0, 104390
Profiling [baseline] (103.148 ms) : 0, 103148
Profiling [candidate] (104.413 ms) : 0, 104413

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-resteasy-response-schema
git_commit_date 1751520809 1751522600
git_commit_sha 036f8f1 a511ca0
release_version 1.51.0-SNAPSHOT~036f8f195d 1.51.0-SNAPSHOT~a511ca037f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751524080 1751524080
ci_job_id 1011451488 1011451488
ci_pipeline_id 69521238 69521238
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-4fuh6qvh 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-4fuh6qvh 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 2 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:petclinic:code_origins:high_load worse
[+1.805ms; +2.657ms] or [+4.063%; +5.983%]		 unstable
[-12.153op/s; +2.078op/s] or [-11.538%; +1.973%]		 46.644ms 100.300op/s 44.413ms 105.338op/s
scenario:load:petclinic:appsec:high_load better
[-3.010ms; -2.123ms] or [-6.285%; -4.433%]		 unstable
[-1.622op/s; +12.622op/s] or [-1.660%; +12.921%]		 45.332ms 103.188op/s 47.898ms 97.688op/s
scenario:load:petclinic:iast:high_load worse
[+0.883ms; +1.733ms] or [+2.023%; +3.968%]		 unstable
[-10.500op/s; +4.200op/s] or [-9.797%; +3.919%]		 44.972ms 104.025op/s 43.664ms 107.175op/s
Request duration reports for insecure-bank
Loading 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.448 ms) : 4393, 4503
.   : milestone, 4448,
iast (9.431 ms) : 9278, 9584
.   : milestone, 9431,
iast_FULL (13.689 ms) : 13416, 13961
.   : milestone, 13689,
iast_GLOBAL (10.162 ms) : 9984, 10339
.   : milestone, 10162,
profiling (8.807 ms) : 8657, 8957
.   : milestone, 8807,
tracing (7.936 ms) : 7822, 8050
.   : milestone, 7936,
section candidate
no_agent (4.519 ms) : 4470, 4569
.   : milestone, 4519,
iast (9.18 ms) : 9020, 9341
.   : milestone, 9180,
iast_FULL (13.949 ms) : 13670, 14228
.   : milestone, 13949,
iast_GLOBAL (10.491 ms) : 10307, 10675
.   : milestone, 10491,
profiling (8.632 ms) : 8494, 8770
.   : milestone, 8632,
tracing (7.752 ms) : 7636, 7867
.   : milestone, 7752,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.448 ms [4.393 ms, 4.503 ms] -
iast 9.431 ms [9.278 ms, 9.584 ms] 4.983 ms (112.0%)
iast_FULL 13.689 ms [13.416 ms, 13.961 ms] 9.24 ms (207.7%)
iast_GLOBAL 10.162 ms [9.984 ms, 10.339 ms] 5.713 ms (128.4%)
profiling 8.807 ms [8.657 ms, 8.957 ms] 4.359 ms (98.0%)
tracing 7.936 ms [7.822 ms, 8.05 ms] 3.488 ms (78.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.519 ms [4.47 ms, 4.569 ms] -
iast 9.18 ms [9.02 ms, 9.341 ms] 4.661 ms (103.1%)
iast_FULL 13.949 ms [13.67 ms, 14.228 ms] 9.429 ms (208.6%)
iast_GLOBAL 10.491 ms [10.307 ms, 10.675 ms] 5.971 ms (132.1%)
profiling 8.632 ms [8.494 ms, 8.77 ms] 4.113 ms (91.0%)
tracing 7.752 ms [7.636 ms, 7.867 ms] 3.232 ms (71.5%)
Request duration reports for petclinic
Loading 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d
    dateFormat X
    axisFormat %s
section baseline
no_agent (37.41 ms) : 37113, 37707
.   : milestone, 37410,
appsec (47.898 ms) : 47472, 48324
.   : milestone, 47898,
code_origins (44.413 ms) : 44027, 44799
.   : milestone, 44413,
iast (43.664 ms) : 43278, 44049
.   : milestone, 43664,
profiling (50.161 ms) : 49678, 50643
.   : milestone, 50161,
tracing (42.218 ms) : 41868, 42568
.   : milestone, 42218,
section candidate
no_agent (37.833 ms) : 37519, 38146
.   : milestone, 37833,
appsec (45.332 ms) : 44934, 45729
.   : milestone, 45332,
code_origins (46.644 ms) : 46238, 47050
.   : milestone, 46644,
iast (44.972 ms) : 44568, 45375
.   : milestone, 44972,
profiling (50.836 ms) : 50362, 51310
.   : milestone, 50836,
tracing (41.868 ms) : 41523, 42213
.   : milestone, 41868,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.41 ms [37.113 ms, 37.707 ms] -
appsec 47.898 ms [47.472 ms, 48.324 ms] 10.488 ms (28.0%)
code_origins 44.413 ms [44.027 ms, 44.799 ms] 7.003 ms (18.7%)
iast 43.664 ms [43.278 ms, 44.049 ms] 6.254 ms (16.7%)
profiling 50.161 ms [49.678 ms, 50.643 ms] 12.751 ms (34.1%)
tracing 42.218 ms [41.868 ms, 42.568 ms] 4.808 ms (12.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.833 ms [37.519 ms, 38.146 ms] -
appsec 45.332 ms [44.934 ms, 45.729 ms] 7.499 ms (19.8%)
code_origins 46.644 ms [46.238 ms, 47.05 ms] 8.811 ms (23.3%)
iast 44.972 ms [44.568 ms, 45.375 ms] 7.139 ms (18.9%)
profiling 50.836 ms [50.362 ms, 51.31 ms] 13.003 ms (34.4%)
tracing 41.868 ms [41.523 ms, 42.213 ms] 4.035 ms (10.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-resteasy-response-schema
git_commit_date 1751520809 1751522600
git_commit_sha 036f8f1 a511ca0
release_version 1.51.0-SNAPSHOT~036f8f195d 1.51.0-SNAPSHOT~a511ca037f
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1751524562 1751524562
ci_job_id 1011451489 1011451489
ci_pipeline_id 69521238 69521238
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-ybvkwwd1 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-ybvkwwd1 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
Loading 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.478 ms) : 1466, 1490
.   : milestone, 1478,
appsec (2.41 ms) : 2360, 2460
.   : milestone, 2410,
iast (2.199 ms) : 2137, 2262
.   : milestone, 2199,
iast_GLOBAL (2.242 ms) : 2179, 2304
.   : milestone, 2242,
profiling (2.049 ms) : 1998, 2101
.   : milestone, 2049,
tracing (2.014 ms) : 1965, 2062
.   : milestone, 2014,
section candidate
no_agent (1.474 ms) : 1463, 1486
.   : milestone, 1474,
appsec (2.405 ms) : 2356, 2455
.   : milestone, 2405,
iast (2.187 ms) : 2125, 2249
.   : milestone, 2187,
iast_GLOBAL (2.241 ms) : 2178, 2304
.   : milestone, 2241,
profiling (2.026 ms) : 1976, 2076
.   : milestone, 2026,
tracing (2.022 ms) : 1974, 2070
.   : milestone, 2022,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.478 ms [1.466 ms, 1.49 ms] -
appsec 2.41 ms [2.36 ms, 2.46 ms] 931.985 µs (63.1%)
iast 2.199 ms [2.137 ms, 2.262 ms] 721.463 µs (48.8%)
iast_GLOBAL 2.242 ms [2.179 ms, 2.304 ms] 763.599 µs (51.7%)
profiling 2.049 ms [1.998 ms, 2.101 ms] 571.523 µs (38.7%)
tracing 2.014 ms [1.965 ms, 2.062 ms] 535.655 µs (36.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.463 ms, 1.486 ms] -
appsec 2.405 ms [2.356 ms, 2.455 ms] 931.248 µs (63.2%)
iast 2.187 ms [2.125 ms, 2.249 ms] 712.981 µs (48.4%)
iast_GLOBAL 2.241 ms [2.178 ms, 2.304 ms] 766.835 µs (52.0%)
profiling 2.026 ms [1.976 ms, 2.076 ms] 552.071 µs (37.5%)
tracing 2.022 ms [1.974 ms, 2.07 ms] 547.832 µs (37.2%)
Execution time for biojava
Loading 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~a511ca037f, baseline=1.51.0-SNAPSHOT~036f8f195d
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.916 s) : 14916000, 14916000
.   : milestone, 14916000,
appsec (14.709 s) : 14709000, 14709000
.   : milestone, 14709000,
iast (18.287 s) : 18287000, 18287000
.   : milestone, 18287000,
iast_GLOBAL (17.815 s) : 17815000, 17815000
.   : milestone, 17815000,
profiling (15.083 s) : 15083000, 15083000
.   : milestone, 15083000,
tracing (14.873 s) : 14873000, 14873000
.   : milestone, 14873000,
section candidate
no_agent (14.73 s) : 14730000, 14730000
.   : milestone, 14730000,
appsec (14.757 s) : 14757000, 14757000
.   : milestone, 14757000,
iast (18.603 s) : 18603000, 18603000
.   : milestone, 18603000,
iast_GLOBAL (17.927 s) : 17927000, 17927000
.   : milestone, 17927000,
profiling (15.138 s) : 15138000, 15138000
.   : milestone, 15138000,
tracing (14.721 s) : 14721000, 14721000
.   : milestone, 14721000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.916 s [14.916 s, 14.916 s] -
appsec 14.709 s [14.709 s, 14.709 s] -207.0 ms (-1.4%)
iast 18.287 s [18.287 s, 18.287 s] 3.371 s (22.6%)
iast_GLOBAL 17.815 s [17.815 s, 17.815 s] 2.899 s (19.4%)
profiling 15.083 s [15.083 s, 15.083 s] 167.0 ms (1.1%)
tracing 14.873 s [14.873 s, 14.873 s] -43.0 ms (-0.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.73 s [14.73 s, 14.73 s] -
appsec 14.757 s [14.757 s, 14.757 s] 27.0 ms (0.2%)
iast 18.603 s [18.603 s, 18.603 s] 3.873 s (26.3%)
iast_GLOBAL 17.927 s [17.927 s, 17.927 s] 3.197 s (21.7%)
profiling 15.138 s [15.138 s, 15.138 s] 408.0 ms (2.8%)
tracing 14.721 s [14.721 s, 14.721 s] -9.0 ms (-0.1%)

AlexeyKuznetsov-DD
AlexeyKuznetsov-DD requested changes Jun 20, 2025
View reviewed changes
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 8e2219c to db61f58 Compare June 26, 2025 06:30
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-resteasy-response-schema branch from f88d1cf to c1695f4 Compare June 27, 2025 05:45
Base automatically changed from alejandro.gonzalez/api-sec-jersey-response-schema to master June 27, 2025 17:55
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-resteasy-response-schema branch from 83454dc to 84a6aa5 Compare June 27, 2025 18:04
@jandro996 jandro996 marked this pull request as ready for review June 27, 2025 18:09
@jandro996 jandro996 requested a review from a team as a code owner June 27, 2025 18:09
manuel-alvarez-alvarez
manuel-alvarez-alvarez approved these changes Jul 2, 2025
View reviewed changes
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

AlexeyKuznetsov-DD
AlexeyKuznetsov-DD requested changes Jul 2, 2025
View reviewed changes
AlexeyKuznetsov-DD
AlexeyKuznetsov-DD approved these changes Jul 2, 2025
View reviewed changes
Copy link
Contributor

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jandro996 jandro996 merged commit 5353d51 into master Jul 3, 2025
508 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/api-sec-resteasy-response-schema branch July 3, 2025 06:52
@github-actions github-actions bot added this to the 1.51.0 milestone Jul 3, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
@github-cash-renovate-jvm-2 @svc-squareup-copybara
This PR contains the following updates:
48e635d 
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
|
[com.google.errorprone:error_prone_annotations](https://errorprone.info)
([source](https://github.com/google/error-prone)) | dependencies |
misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
|
[org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/)
([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) |
dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.17.0` -> `3.18.0` |
|
[org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator)
| plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` ->
`0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

###
[`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0):
Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the
Central Publisher
Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog:
google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator
(org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

###
[`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare
Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB
dump validation
\[[#&#8203;304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#&#8203;306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0):
1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site
([#&#8203;9083](DataDog/dd-trace-java#9083) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST
vulnerabilities
([#&#8203;9028](DataDog/dd-trace-java#9028) -
[@&#8203;jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass
([#&#8203;8984](DataDog/dd-trace-java#8984) -
[@&#8203;smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection
([#&#8203;8885](DataDog/dd-trace-java#8885) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0
([#&#8203;9022](DataDog/dd-trace-java#9022) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas
([#&#8203;9015](DataDog/dd-trace-java#9015) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas
([#&#8203;9014](DataDog/dd-trace-java#9014) -
[@&#8203;jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas
([#&#8203;9013](DataDog/dd-trace-java#9013) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading
([#&#8203;9009](DataDog/dd-trace-java#9009) -
[@&#8203;smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas
([#&#8203;9001](DataDog/dd-trace-java#9001) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas
([#&#8203;8995](DataDog/dd-trace-java#8995) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema
extraction
([#&#8203;8980](DataDog/dd-trace-java#8980) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas
([#&#8203;8938](DataDog/dd-trace-java#8938) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update
([#&#8203;8937](DataDog/dd-trace-java#8937) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push
([#&#8203;9023](DataDog/dd-trace-java#9023) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal
([#&#8203;8807](DataDog/dd-trace-java#8807) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24
([#&#8203;9114](DataDog/dd-trace-java#9114) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation
([#&#8203;9033](DataDog/dd-trace-java#9033) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building
([#&#8203;8990](DataDog/dd-trace-java#8990) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic
([#&#8203;8923](DataDog/dd-trace-java#8923) -
[@&#8203;daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection
([#&#8203;8776](DataDog/dd-trace-java#8776) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block
([#&#8203;9025](DataDog/dd-trace-java#9025) -
[@&#8203;natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option
([#&#8203;9115](DataDog/dd-trace-java#9115) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support
([#&#8203;9111](DataDog/dd-trace-java#9111) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format
([#&#8203;9047](DataDog/dd-trace-java#9047) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting
([#&#8203;9034](DataDog/dd-trace-java#9034) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval
([#&#8203;8959](DataDog/dd-trace-java#8959) -
[@&#8203;jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation
([#&#8203;8940](DataDog/dd-trace-java#8940) -
[@&#8203;jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK
([#&#8203;8781](DataDog/dd-trace-java#8781) -
[@&#8203;gary-huang](https://github.com/gary-huang),
[@&#8203;nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not
available at bootstrap
([#&#8203;9082](DataDog/dd-trace-java#9082) -
[@&#8203;amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors
([#&#8203;8394](DataDog/dd-trace-java#8394) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component
([#&#8203;9071](DataDog/dd-trace-java#9071) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing
([#&#8203;9119](DataDog/dd-trace-java#9119) -
[@&#8203;jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF
([#&#8203;8988](DataDog/dd-trace-java#8988) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers
([#&#8203;9110](DataDog/dd-trace-java#9110) -
[@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)
[@&#8203;amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping
([#&#8203;9045](DataDog/dd-trace-java#9045) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24)
([#&#8203;8875](DataDog/dd-trace-java#8875) -
[@&#8203;sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when
`TracePropagationBehaviorExtract=IGNORE`
([#&#8203;9037](DataDog/dd-trace-java#9037) -
[@&#8203;mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper
([#&#8203;9032](DataDog/dd-trace-java#9032) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors
([#&#8203;9097](DataDog/dd-trace-java#9097) -
[@&#8203;AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling
for Http Response headers
([#&#8203;9067](DataDog/dd-trace-java#9067) -
[@&#8203;mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK
([#&#8203;8781](DataDog/dd-trace-java#8781) -
[@&#8203;gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations
([#&#8203;9019](DataDog/dd-trace-java#9019) -
[@&#8203;mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas
([#&#8203;9001](DataDog/dd-trace-java#9001) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x
([#&#8203;8952](DataDog/dd-trace-java#8952) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default
([#&#8203;9030](DataDog/dd-trace-java#9030) -
[@&#8203;bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas
([#&#8203;9014](DataDog/dd-trace-java#9014) -
[@&#8203;jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active
([#&#8203;9016](DataDog/dd-trace-java#9016) -
[@&#8203;amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas
([#&#8203;8995](DataDog/dd-trace-java#8995) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas
([#&#8203;9013](DataDog/dd-trace-java#9013) -
[@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas
([#&#8203;8938](DataDog/dd-trace-java#8938) -
[@&#8203;sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements
Projects
None yet
Milestone
1.51.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jandro996 @manuel-alvarez-alvarez @AlexeyKuznetsov-DD