Map JSP stack traces to file names #7005
Draft
jandro996 wants to merge 7 commits into master from alejandro.gonzalez/xss_jsp_filename
Conversation
Benchmarks

Startup

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for insecure-bank (candidate=1.35.0-SNAPSHOT~4b6a319695, baseline=1.35.0-SNAPSHOT~d878b0f879): charts of global startup overhead and break down per module, sections tracing, iast, iast_HARDCODED_SECRET_DISABLED and iast_TELEMETRY_OFF.

Startup time reports for petclinic: charts of global startup overhead and break down per module, sections tracing, appsec, iast and profiling.

Load

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for insecure-bank and petclinic: charts of request duration [CI 0.99], baseline vs candidate.

Dacapo

Summary: Found 0 performance improvements and 2 performance regressions! Performance is the same for 10 metrics, 0 unstable metrics.

Execution time for tomcat and biojava: charts of execution time [CI 0.99], baseline vs candidate.
jandro996 force-pushed the alejandro.gonzalez/xss_jsp branch from 183a51c to ae313e3 on May 8, 2024 11:57
jandro996 force-pushed the alejandro.gonzalez/xss_jsp_filename branch from eab21bd to 13aa99b on May 8, 2024 15:46
What Does This Do
Add StratumManager to deal with SMAP Syntax from Jakarta Debugging Support for Other Languages
Replace the StackTraceElement used to create the vulnerability location with the original file and line info
Motivation
If we want to show proper filename for vulnerabilities in JSP, we’ll need to map JSP stack traces to file names.
Additional Notes
Jira ticket: APPSEC-4703
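The lookup the description relies on, as an added example that is not code from this PR or the project: a parser for the JSR-045 SourceDebugExtension (SMAP) format and a reverse map from a line of the generated servlet source to the JSP file and line, which is what turns a StackTraceElement's `index_jsp.java:119` into a location a developer can act on. The sample SMAP is constructed in the shape a Jasper-style JSP compiler emits, and the function names are assumptions; a frame whose file has no SMAP, or whose line is servlet boilerplate, is reported unchanged.

```python
import re
# Constructed SMAP (JSR-045 SourceDebugExtension) for a hypothetical index.jsp, in the shape Jasper
# emits: servlet lines 116-125 come from JSP lines 1-5 (two per line), 130 from line 8, 140-142 from header.jspf 12-14.
SAMPLE_SMAP = """SMAP
index_jsp.java
JSP
*S JSP
*F
+ 0 index.jsp
index.jsp
1 header.jspf
*L
1,5:116,2
8:130
12#1,3:140
*E
"""
# LineInfo syntax: InputStartLine[#LineFileID][,RepeatCount]:OutputStartLine[,OutputLineIncrement]
LINE_RE = re.compile(r"^(\d+)(?:#(\d+))?(?:,(\d+))?:(\d+)(?:,(\d+))?$")

def parse_smap(text: str) -> tuple:
    """Return (file id -> name, [(in_start, file_id, repeat, out_start, out_inc), ...])."""
    it = iter(text.splitlines())
    if next(it, None) != "SMAP": raise ValueError("not an SMAP")
    next(it); next(it)  # remaining header rows: generated file name, default stratum
    files, lines, section, last_fid = {}, [], None, 0
    for row in map(str.strip, it):
        if row.startswith("*"):  # *S / *F / *L / *E section markers (nothing follows *E)
            section = row[1]
        elif section == "F":
            if row.startswith("+ "):  # "+ id name" is followed by a row holding the full path
                row, _path = row[2:], next(it)
            fid, name = row.split(" ", 1)
            files[int(fid)] = name
        elif section == "L":  # a malformed LineInfo fails the match and raises here
            in_start, fid, rep, out_start, inc = LINE_RE.match(row).groups()
            last_fid = int(fid) if fid is not None else last_fid  # omitted file id carries over
            lines.append((int(in_start), last_fid, int(rep or 1), int(out_start), int(inc or 1)))
    return files, lines

def map_generated_line(files: dict, lines: list, generated_line: int):
    """Reverse-map a line of the generated servlet source to (JSP file, JSP line), or None."""
    for in_start, fid, rep, out_start, inc in lines:
        if out_start <= generated_line < out_start + max(1, rep * inc):
            return files[fid], in_start + ((generated_line - out_start) // inc if inc else 0)
    return None  # servlet boilerplate with no JSP origin

def relocate_frame(file_name: str, line: int, smaps: dict) -> tuple:  # StackTraceElement -> reported location
    hit = map_generated_line(*parse_smap(smaps[file_name]), line) if file_name in smaps else None
    return hit or (file_name, line)
```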