Map JSP stack traces to file names #7005

Draft
wants to merge 7 commits into
base: master

jandro996
Member

@jandro996 jandro996 commented May 8, 2024

What Does This Do

Add StratumManager to deal with SMAP Syntax from Jakarta Debugging Support for Other Languages

Replace the StackTraceElement used to create the vulnerability location with the original file and line info

Motivation

If we want to show the proper filename for vulnerabilities in JSP, we’ll need to map JSP stack traces to file names.

Additional Notes

Jira ticket: APPSEC-4703
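
The mapping described above relies on the SMAP (JSR-45 source map) that a JSP compiler attaches to the generated servlet class. As an added illustration, not code from this PR or the project: a minimal single-stratum SMAP reader that rewrites a `StackTraceElement` to the JSP file and line. The class name `SmapLineMapper` and the sample SMAP are hypothetical and constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

/** Hypothetical single-stratum SMAP reader for illustration; not the PR's StratumManager. */
public class SmapLineMapper {
  private final Map<Integer, String> files = new HashMap<>();     // FileID -> source path
  private final TreeMap<Integer, int[]> ranges = new TreeMap<>(); // outStart -> {outEnd, fileId, inLine}

  public SmapLineMapper(String smap) {
    String section = "";
    int fileId = 0; // an omitted LineFileID reuses the previous one, starting at 0
    String[] lines = smap.split("\\R");
    for (int i = 0; i < lines.length; i++) {
      String l = lines[i].trim();
      if (l.isEmpty()) continue;
      if (l.startsWith("*")) { section = l.length() > 1 ? l.substring(0, 2) : l; continue; }
      if (section.equals("*F")) {
        boolean hasPath = l.startsWith("+"); // "+ id name" is followed by a line holding the path
        String[] idAndName = (hasPath ? l.substring(1).trim() : l).split("\\s+", 2);
        String source = hasPath && i + 1 < lines.length ? lines[++i].trim() : idAndName[1];
        files.put(Integer.parseInt(idAndName[0]), source);
      } else if (section.equals("*L")) {
        // InputStartLine[#LineFileID][,RepeatCount]:OutputStartLine[,OutputLineIncrement]
        String[] inOut = l.split(":");
        String[] in = inOut[0].split(",");
        String[] out = inOut[1].split(",");
        String[] startAndFile = in[0].split("#");
        if (startAndFile.length > 1) fileId = Integer.parseInt(startAndFile[1]);
        int inStart = Integer.parseInt(startAndFile[0]);
        int repeat = in.length > 1 ? Integer.parseInt(in[1]) : 1;
        int outStart = Integer.parseInt(out[0]);
        int step = out.length > 1 ? Integer.parseInt(out[1]) : 1;
        for (int n = 0; n < repeat; n++) { // input line inStart+n covers `step` generated lines
          int from = outStart + n * step;
          ranges.put(from, new int[] {from + step - 1, fileId, inStart + n});
        }
      }
    }
  }

  /** Rewrites a generated-servlet frame to its JSP file and line; unmapped frames pass through. */
  public StackTraceElement map(StackTraceElement e) {
    Map.Entry<Integer, int[]> r = ranges.floorEntry(e.getLineNumber());
    if (r == null || e.getLineNumber() > r.getValue()[0]) return e;
    int[] v = r.getValue();
    return new StackTraceElement(e.getClassName(), e.getMethodName(), files.get(v[1]), v[2]);
  }

  public static void main(String[] args) {
    // Constructed SMAP in the JSR-45 layout; file names and line numbers are made up.
    String smap = String.join("\n", "SMAP", "index_jsp.java", "JSP", "*S JSP", "*F",
        "+ 0 index.jsp", "WEB-INF/jsp/index.jsp", "*L", "1,3:120", "4:125,2", "*E");
    SmapLineMapper mapper = new SmapLineMapper(smap);
    StackTraceElement generated =
        new StackTraceElement("org.apache.jsp.index_jsp", "_jspService", "index_jsp.java", 126);
    System.out.println(generated + " -> " + mapper.map(generated));
  }
}
```

A frame whose line falls outside every `*L` range is returned unchanged, so a reported vulnerability location falls back to the generated servlet file instead of pointing at a wrong JSP line.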

@pr-commenter

pr-commenter bot commented May 8, 2024

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/xss_jsp_filename |
| git_commit_date | 1715205616 | 1715236846 |
| git_commit_sha | d878b0f | 4b6a319 |
| release_version | 1.35.0-SNAPSHOT~d878b0f879 | 1.35.0-SNAPSHOT~4b6a319695 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1715239598 | 1715239598 |
| ci_job_id | 507840399 | 507840399 |
| ci_pipeline_id | 33937183 | 33937183 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.08 s) : 0, 1080361
Total [baseline] (8.556 s) : 0, 8555828
Agent [candidate] (1.079 s) : 0, 1079354
Total [candidate] (8.581 s) : 0, 8581056
section iast
Agent [baseline] (1.199 s) : 0, 1198952
Total [baseline] (8.999 s) : 0, 8999086
Agent [candidate] (1.206 s) : 0, 1205884
Total [candidate] (9.02 s) : 0, 9019746
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.206 s) : 0, 1206234
Total [baseline] (8.991 s) : 0, 8991478
Agent [candidate] (1.211 s) : 0, 1210772
Total [candidate] (8.97 s) : 0, 8970040
section iast_TELEMETRY_OFF
Agent [baseline] (1.208 s) : 0, 1208246
Total [baseline] (9.001 s) : 0, 9000818
Agent [candidate] (1.213 s) : 0, 1212569
Total [candidate] (9.066 s) : 0, 9065552
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.08 s | - |
| Agent | iast | 1.199 s | 118.591 ms (11.0%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.206 s | 125.873 ms (11.7%) |
| Agent | iast_TELEMETRY_OFF | 1.208 s | 127.885 ms (11.8%) |
| Total | tracing | 8.556 s | - |
| Total | iast | 8.999 s | 443.258 ms (5.2%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 8.991 s | 435.65 ms (5.1%) |
| Total | iast_TELEMETRY_OFF | 9.001 s | 444.989 ms (5.2%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.079 s | - |
| Agent | iast | 1.206 s | 126.531 ms (11.7%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.211 s | 131.418 ms (12.2%) |
| Agent | iast_TELEMETRY_OFF | 1.213 s | 133.215 ms (12.3%) |
| Total | tracing | 8.581 s | - |
| Total | iast | 9.02 s | 438.69 ms (5.1%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 8.97 s | 388.984 ms (4.5%) |
| Total | iast_TELEMETRY_OFF | 9.066 s | 484.495 ms (5.6%) |

gantt
    title insecure-bank - break down per module: candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (674.943 ms) : 0, 674943
BytebuddyAgent [candidate] (674.585 ms) : 0, 674585
GlobalTracer [baseline] (312.683 ms) : 0, 312683
GlobalTracer [candidate] (312.361 ms) : 0, 312361
AppSec [baseline] (49.789 ms) : 0, 49789
AppSec [candidate] (49.619 ms) : 0, 49619
Remote Config [baseline] (670.248 µs) : 0, 670
Remote Config [candidate] (678.382 µs) : 0, 678
Telemetry [baseline] (7.695 ms) : 0, 7695
Telemetry [candidate] (7.669 ms) : 0, 7669
section iast
BytebuddyAgent [baseline] (792.67 ms) : 0, 792670
BytebuddyAgent [candidate] (798.347 ms) : 0, 798347
GlobalTracer [baseline] (290.366 ms) : 0, 290366
GlobalTracer [candidate] (290.326 ms) : 0, 290326
AppSec [baseline] (50.991 ms) : 0, 50991
AppSec [candidate] (49.009 ms) : 0, 49009
IAST [baseline] (22.686 ms) : 0, 22686
IAST [candidate] (26.628 ms) : 0, 26628
Remote Config [baseline] (1.299 ms) : 0, 1299
Remote Config [candidate] (595.651 µs) : 0, 596
Telemetry [baseline] (6.604 ms) : 0, 6604
Telemetry [candidate] (6.614 ms) : 0, 6614
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (798.051 ms) : 0, 798051
BytebuddyAgent [candidate] (801.865 ms) : 0, 801865
GlobalTracer [baseline] (291.545 ms) : 0, 291545
GlobalTracer [candidate] (291.354 ms) : 0, 291354
AppSec [baseline] (51.065 ms) : 0, 51065
AppSec [candidate] (49.736 ms) : 0, 49736
IAST [baseline] (22.885 ms) : 0, 22885
IAST [candidate] (26.035 ms) : 0, 26035
Remote Config [baseline] (1.383 ms) : 0, 1383
Remote Config [candidate] (606.119 µs) : 0, 606
Telemetry [baseline] (6.727 ms) : 0, 6727
Telemetry [candidate] (6.613 ms) : 0, 6613
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (800.717 ms) : 0, 800717
BytebuddyAgent [candidate] (802.731 ms) : 0, 802731
GlobalTracer [baseline] (292.618 ms) : 0, 292618
GlobalTracer [candidate] (292.511 ms) : 0, 292511
AppSec [baseline] (49.753 ms) : 0, 49753
AppSec [candidate] (50.369 ms) : 0, 50369
IAST [baseline] (23.179 ms) : 0, 23179
IAST [candidate] (24.247 ms) : 0, 24247
Remote Config [baseline] (599.753 µs) : 0, 600
Remote Config [candidate] (646.332 µs) : 0, 646
Telemetry [baseline] (6.595 ms) : 0, 6595
Telemetry [candidate] (7.351 ms) : 0, 7351
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.081 s) : 0, 1081112
Total [baseline] (10.362 s) : 0, 10361507
Agent [candidate] (1.084 s) : 0, 1083995
Total [candidate] (10.462 s) : 0, 10462069
section appsec
Agent [baseline] (1.208 s) : 0, 1207580
Total [baseline] (10.471 s) : 0, 10470948
Agent [candidate] (1.197 s) : 0, 1196968
Total [candidate] (10.426 s) : 0, 10426434
section iast
Agent [baseline] (1.203 s) : 0, 1202911
Total [baseline] (10.729 s) : 0, 10728605
Agent [candidate] (1.207 s) : 0, 1206740
Total [candidate] (10.765 s) : 0, 10765029
section profiling
Agent [baseline] (1.268 s) : 0, 1267829
Total [baseline] (10.56 s) : 0, 10559615
Agent [candidate] (1.269 s) : 0, 1269306
Total [candidate] (10.612 s) : 0, 10612015
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.081 s | - |
| Agent | appsec | 1.208 s | 126.468 ms (11.7%) |
| Agent | iast | 1.203 s | 121.799 ms (11.3%) |
| Agent | profiling | 1.268 s | 186.717 ms (17.3%) |
| Total | tracing | 10.362 s | - |
| Total | appsec | 10.471 s | 109.441 ms (1.1%) |
| Total | iast | 10.729 s | 367.098 ms (3.5%) |
| Total | profiling | 10.56 s | 198.108 ms (1.9%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.084 s | - |
| Agent | appsec | 1.197 s | 112.973 ms (10.4%) |
| Agent | iast | 1.207 s | 122.745 ms (11.3%) |
| Agent | profiling | 1.269 s | 185.311 ms (17.1%) |
| Total | tracing | 10.462 s | - |
| Total | appsec | 10.426 s | -35.635 ms (-0.3%) |
| Total | iast | 10.765 s | 302.96 ms (2.9%) |
| Total | profiling | 10.612 s | 149.946 ms (1.4%) |

gantt
    title petclinic - break down per module: candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (676.756 ms) : 0, 676756
BytebuddyAgent [candidate] (678.212 ms) : 0, 678212
GlobalTracer [baseline] (312.069 ms) : 0, 312069
GlobalTracer [candidate] (313.1 ms) : 0, 313100
AppSec [baseline] (49.485 ms) : 0, 49485
AppSec [candidate] (49.729 ms) : 0, 49729
Remote Config [baseline] (661.433 µs) : 0, 661
Remote Config [candidate] (672.863 µs) : 0, 673
Telemetry [baseline] (7.572 ms) : 0, 7572
Telemetry [candidate] (7.696 ms) : 0, 7696
section appsec
BytebuddyAgent [baseline] (705.973 ms) : 0, 705973
BytebuddyAgent [candidate] (699.771 ms) : 0, 699771
GlobalTracer [baseline] (296.786 ms) : 0, 296786
GlobalTracer [candidate] (294.053 ms) : 0, 294053
AppSec [baseline] (149.814 ms) : 0, 149814
AppSec [candidate] (149.475 ms) : 0, 149475
IAST [baseline] (19.349 ms) : 0, 19349
IAST [candidate] (19.304 ms) : 0, 19304
Remote Config [baseline] (626.239 µs) : 0, 626
Remote Config [candidate] (621.65 µs) : 0, 622
Telemetry [baseline] (9.882 ms) : 0, 9882
Telemetry [candidate] (8.841 ms) : 0, 8841
section iast
BytebuddyAgent [baseline] (794.906 ms) : 0, 794906
BytebuddyAgent [candidate] (799.069 ms) : 0, 799069
GlobalTracer [baseline] (291.188 ms) : 0, 291188
GlobalTracer [candidate] (290.611 ms) : 0, 290611
AppSec [baseline] (49.78 ms) : 0, 49780
AppSec [candidate] (51.76 ms) : 0, 51760
IAST [baseline] (23.344 ms) : 0, 23344
IAST [candidate] (23.621 ms) : 0, 23621
Remote Config [baseline] (580.664 µs) : 0, 581
Remote Config [candidate] (597.49 µs) : 0, 597
Telemetry [baseline] (8.78 ms) : 0, 8780
Telemetry [candidate] (6.724 ms) : 0, 6724
section profiling
BytebuddyAgent [baseline] (677.112 ms) : 0, 677112
BytebuddyAgent [candidate] (677.703 ms) : 0, 677703
GlobalTracer [baseline] (380.409 ms) : 0, 380409
GlobalTracer [candidate] (381.416 ms) : 0, 381416
AppSec [baseline] (50.14 ms) : 0, 50140
AppSec [candidate] (50.079 ms) : 0, 50079
Remote Config [baseline] (710.413 µs) : 0, 710
Remote Config [candidate] (701.96 µs) : 0, 702
Telemetry [baseline] (7.48 ms) : 0, 7480
Telemetry [candidate] (7.466 ms) : 0, 7466
ProfilingAgent [baseline] (95.614 ms) : 0, 95614
ProfilingAgent [candidate] (95.377 ms) : 0, 95377
Profiling [baseline] (95.642 ms) : 0, 95642
Profiling [candidate] (95.402 ms) : 0, 95402

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-05-09T06:57:28 | 2024-05-09T07:04:16 |
| git_branch | master | alejandro.gonzalez/xss_jsp_filename |
| git_commit_date | 1715205616 | 1715236846 |
| git_commit_sha | d878b0f | 4b6a319 |
| release_version | 1.35.0-SNAPSHOT~d878b0f879 | 1.35.0-SNAPSHOT~4b6a319695 |
| start_time | 2024-05-09T06:57:14 | 2024-05-09T07:04:03 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1715238603 | 1715238603 |
| ci_job_id | 507840400 | 507840400 |
| ci_pipeline_id | 33937183 | 33937183 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879
    dateFormat X
    axisFormat %s
section baseline
no_agent (372.886 µs) : 352, 394
.   : milestone, 373,
iast (480.082 µs) : 459, 501
.   : milestone, 480,
iast_FULL (544.45 µs) : 523, 565
.   : milestone, 544,
iast_GLOBAL (492.378 µs) : 472, 513
.   : milestone, 492,
iast_HARDCODED_SECRET_DISABLED (472.045 µs) : 451, 493
.   : milestone, 472,
iast_INACTIVE (452.596 µs) : 431, 474
.   : milestone, 453,
iast_TELEMETRY_OFF (472.842 µs) : 451, 495
.   : milestone, 473,
tracing (451.41 µs) : 431, 472
.   : milestone, 451,
section candidate
no_agent (367.627 µs) : 348, 388
.   : milestone, 368,
iast (486.725 µs) : 466, 508
.   : milestone, 487,
iast_FULL (556.551 µs) : 535, 578
.   : milestone, 557,
iast_GLOBAL (504.906 µs) : 484, 526
.   : milestone, 505,
iast_HARDCODED_SECRET_DISABLED (490.838 µs) : 469, 512
.   : milestone, 491,
iast_INACTIVE (454.223 µs) : 434, 475
.   : milestone, 454,
iast_TELEMETRY_OFF (474.847 µs) : 453, 496
.   : milestone, 475,
tracing (454.671 µs) : 434, 475
.   : milestone, 455,
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 372.886 µs [351.887 µs, 393.886 µs] | - |
| iast | 480.082 µs [459.197 µs, 500.966 µs] | 107.195 µs (28.7%) |
| iast_FULL | 544.45 µs [523.414 µs, 565.487 µs] | 171.564 µs (46.0%) |
| iast_GLOBAL | 492.378 µs [471.963 µs, 512.794 µs] | 119.492 µs (32.0%) |
| iast_HARDCODED_SECRET_DISABLED | 472.045 µs [451.49 µs, 492.6 µs] | 99.159 µs (26.6%) |
| iast_INACTIVE | 452.596 µs [431.325 µs, 473.867 µs] | 79.709 µs (21.4%) |
| iast_TELEMETRY_OFF | 472.842 µs [450.808 µs, 494.876 µs] | 99.956 µs (26.8%) |
| tracing | 451.41 µs [430.858 µs, 471.963 µs] | 78.524 µs (21.1%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 367.627 µs [347.749 µs, 387.505 µs] | - |
| iast | 486.725 µs [465.609 µs, 507.841 µs] | 119.098 µs (32.4%) |
| iast_FULL | 556.551 µs [535.231 µs, 577.871 µs] | 188.923 µs (51.4%) |
| iast_GLOBAL | 504.906 µs [483.975 µs, 525.837 µs] | 137.279 µs (37.3%) |
| iast_HARDCODED_SECRET_DISABLED | 490.838 µs [469.249 µs, 512.428 µs] | 123.211 µs (33.5%) |
| iast_INACTIVE | 454.223 µs [433.534 µs, 474.911 µs] | 86.596 µs (23.6%) |
| iast_TELEMETRY_OFF | 474.847 µs [453.41 µs, 496.285 µs] | 107.22 µs (29.2%) |
| tracing | 454.671 µs [434.169 µs, 475.172 µs] | 87.043 µs (23.7%) |

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.352 ms) : 1333, 1371
.   : milestone, 1352,
appsec (1.734 ms) : 1710, 1757
.   : milestone, 1734,
appsec_no_iast (1.71 ms) : 1687, 1734
.   : milestone, 1710,
iast (1.49 ms) : 1467, 1513
.   : milestone, 1490,
profiling (1.501 ms) : 1476, 1526
.   : milestone, 1501,
tracing (1.474 ms) : 1449, 1499
.   : milestone, 1474,
section candidate
no_agent (1.352 ms) : 1333, 1371
.   : milestone, 1352,
appsec (1.727 ms) : 1702, 1752
.   : milestone, 1727,
appsec_no_iast (1.702 ms) : 1677, 1726
.   : milestone, 1702,
iast (1.485 ms) : 1463, 1508
.   : milestone, 1485,
profiling (1.53 ms) : 1504, 1556
.   : milestone, 1530,
tracing (1.496 ms) : 1472, 1520
.   : milestone, 1496,
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.352 ms [1.333 ms, 1.371 ms] | - |
| appsec | 1.734 ms [1.71 ms, 1.757 ms] | 381.448 µs (28.2%) |
| appsec_no_iast | 1.71 ms [1.687 ms, 1.734 ms] | 358.281 µs (26.5%) |
| iast | 1.49 ms [1.467 ms, 1.513 ms] | 137.73 µs (10.2%) |
| profiling | 1.501 ms [1.476 ms, 1.526 ms] | 148.889 µs (11.0%) |
| tracing | 1.474 ms [1.449 ms, 1.499 ms] | 122.178 µs (9.0%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.352 ms [1.333 ms, 1.371 ms] | - |
| appsec | 1.727 ms [1.702 ms, 1.752 ms] | 375.101 µs (27.7%) |
| appsec_no_iast | 1.702 ms [1.677 ms, 1.726 ms] | 349.63 µs (25.9%) |
| iast | 1.485 ms [1.463 ms, 1.508 ms] | 133.458 µs (9.9%) |
| profiling | 1.53 ms [1.504 ms, 1.556 ms] | 177.916 µs (13.2%) |
| tracing | 1.496 ms [1.472 ms, 1.52 ms] | 143.921 µs (10.6%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/xss_jsp_filename |
| git_commit_date | 1715205616 | 1715236846 |
| git_commit_sha | d878b0f | 4b6a319 |
| release_version | 1.35.0-SNAPSHOT~d878b0f879 | 1.35.0-SNAPSHOT~4b6a319695 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1715239142 | 1715239142 |
| ci_job_id | 507840401 | 507840401 |
| ci_pipeline_id | 33937183 | 33937183 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 2 performance regressions! Performance is the same for 10 metrics, 0 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:dacapo:tomcat:iast | worse [+42.630µs; +126.596µs] or [+2.244%; +6.665%] | 1.984ms | 1.900ms |
| scenario:dacapo:tomcat:iast_GLOBAL | worse [+38.758µs; +122.515µs] or [+2.002%; +6.330%] | 2.016ms | 1.936ms |

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.466 ms) : 1455, 1478
.   : milestone, 1466,
appsec (2.231 ms) : 2196, 2266
.   : milestone, 2231,
iast (1.9 ms) : 1864, 1936
.   : milestone, 1900,
iast_GLOBAL (1.936 ms) : 1900, 1971
.   : milestone, 1936,
profiling (1.861 ms) : 1829, 1894
.   : milestone, 1861,
tracing (1.844 ms) : 1812, 1876
.   : milestone, 1844,
section candidate
no_agent (1.469 ms) : 1458, 1481
.   : milestone, 1469,
appsec (2.217 ms) : 2184, 2251
.   : milestone, 2217,
iast (1.984 ms) : 1942, 2026
.   : milestone, 1984,
iast_GLOBAL (2.016 ms) : 1975, 2058
.   : milestone, 2016,
profiling (1.852 ms) : 1818, 1885
.   : milestone, 1852,
tracing (1.842 ms) : 1810, 1874
.   : milestone, 1842,
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.466 ms [1.455 ms, 1.478 ms] | - |
| appsec | 2.231 ms [2.196 ms, 2.266 ms] | 764.429 µs (52.1%) |
| iast | 1.9 ms [1.864 ms, 1.936 ms] | 433.169 µs (29.5%) |
| iast_GLOBAL | 1.936 ms [1.9 ms, 1.971 ms] | 469.239 µs (32.0%) |
| profiling | 1.861 ms [1.829 ms, 1.894 ms] | 395.03 µs (26.9%) |
| tracing | 1.844 ms [1.812 ms, 1.876 ms] | 377.767 µs (25.8%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.469 ms [1.458 ms, 1.481 ms] | - |
| appsec | 2.217 ms [2.184 ms, 2.251 ms] | 748.001 µs (50.9%) |
| iast | 1.984 ms [1.942 ms, 2.026 ms] | 514.8 µs (35.0%) |
| iast_GLOBAL | 2.016 ms [1.975 ms, 2.058 ms] | 546.893 µs (37.2%) |
| profiling | 1.852 ms [1.818 ms, 1.885 ms] | 382.207 µs (26.0%) |
| tracing | 1.842 ms [1.81 ms, 1.874 ms] | 372.397 µs (25.3%) |

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.274 s) : 15274000, 15274000
.   : milestone, 15274000,
appsec (14.928 s) : 14928000, 14928000
.   : milestone, 14928000,
iast (18.975 s) : 18975000, 18975000
.   : milestone, 18975000,
iast_GLOBAL (17.916 s) : 17916000, 17916000
.   : milestone, 17916000,
profiling (15.798 s) : 15798000, 15798000
.   : milestone, 15798000,
tracing (14.89 s) : 14890000, 14890000
.   : milestone, 14890000,
section candidate
no_agent (15.164 s) : 15164000, 15164000
.   : milestone, 15164000,
appsec (15.299 s) : 15299000, 15299000
.   : milestone, 15299000,
iast (18.798 s) : 18798000, 18798000
.   : milestone, 18798000,
iast_GLOBAL (17.812 s) : 17812000, 17812000
.   : milestone, 17812000,
profiling (15.337 s) : 15337000, 15337000
.   : milestone, 15337000,
tracing (14.891 s) : 14891000, 14891000
.   : milestone, 14891000,
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.274 s [15.274 s, 15.274 s] | - |
| appsec | 14.928 s [14.928 s, 14.928 s] | -346.0 ms (-2.3%) |
| iast | 18.975 s [18.975 s, 18.975 s] | 3.701 s (24.2%) |
| iast_GLOBAL | 17.916 s [17.916 s, 17.916 s] | 2.642 s (17.3%) |
| profiling | 15.798 s [15.798 s, 15.798 s] | 524.0 ms (3.4%) |
| tracing | 14.89 s [14.89 s, 14.89 s] | -384.0 ms (-2.5%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.164 s [15.164 s, 15.164 s] | - |
| appsec | 15.299 s [15.299 s, 15.299 s] | 135.0 ms (0.9%) |
| iast | 18.798 s [18.798 s, 18.798 s] | 3.634 s (24.0%) |
| iast_GLOBAL | 17.812 s [17.812 s, 17.812 s] | 2.648 s (17.5%) |
| profiling | 15.337 s [15.337 s, 15.337 s] | 173.0 ms (1.1%) |
| tracing | 14.891 s [14.891 s, 14.891 s] | -273.0 ms (-1.8%) |

@jandro996 jandro996 force-pushed the alejandro.gonzalez/xss_jsp branch from 183a51c to ae313e3 Compare May 8, 2024 11:57
@jandro996 jandro996 force-pushed the alejandro.gonzalez/xss_jsp_filename branch from eab21bd to 13aa99b Compare May 8, 2024 15:46
@smola smola added the comp: asm iast Application Security Management (IAST) label May 13, 2024
Base automatically changed from alejandro.gonzalez/xss_jsp to master May 13, 2024 11:18