Extended appsec request body collection #8748
Benchmarks

Startup

Summary: found 1 performance improvement and 1 performance regression. Performance is the same for 58 metrics; 11 metrics are unstable.
Startup time reports for insecure-bank

insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Agent (baseline) | Agent (candidate) | Total (baseline) | Total (candidate) |
|---|---|---|---|---|
| tracing | 1.02 s | 1.025 s | 8.654 s | 8.674 s |
| iast | 1.149 s | 1.154 s | 9.272 s | 9.218 s |
| iast_HARDCODED_SECRET_DISABLED | 1.149 s | 1.147 s | 9.21 s | 9.179 s |
| iast_TELEMETRY_OFF | 1.151 s | 1.149 s | 9.249 s | 9.228 s |
insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 681.451 ms | 683.588 ms |
| tracing | GlobalTracer | 239.823 ms | 241.15 ms |
| tracing | AppSec | 54.439 ms | 55.451 ms |
| tracing | Debugger | 8.939 ms | 9.143 ms |
| tracing | Remote Config | 681.654 µs | 708.618 µs |
| tracing | Telemetry | 11.128 ms | 11.374 ms |
| iast | BytebuddyAgent | 801.934 ms | 804.399 ms |
| iast | GlobalTracer | 230.302 ms | 231.916 ms |
| iast | IAST | 28.273 ms | 28.638 ms |
| iast | AppSec | 50.266 ms | 50.602 ms |
| iast | Debugger | 5.922 ms | 5.994 ms |
| iast | Remote Config | 596.958 µs | 596.691 µs |
| iast | Telemetry | 7.927 ms | 7.964 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 802.437 ms | 800.743 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 230.423 ms | 230.421 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 27.457 ms | 28.843 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 51.099 ms | 49.457 ms |
| iast_HARDCODED_SECRET_DISABLED | Debugger | 5.932 ms | 5.91 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 589.156 µs | 604.684 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 7.879 ms | 7.906 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 803.876 ms | 802.505 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 231.193 ms | 230.667 ms |
| iast_TELEMETRY_OFF | IAST | 23.261 ms | 23.755 ms |
| iast_TELEMETRY_OFF | AppSec | 54.923 ms | 53.893 ms |
| iast_TELEMETRY_OFF | Debugger | 5.97 ms | 5.831 ms |
| iast_TELEMETRY_OFF | Remote Config | 605.698 µs | 585.326 µs |
| iast_TELEMETRY_OFF | Telemetry | 7.837 ms | 7.724 ms |
Startup time reports for petclinic

petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Agent (baseline) | Agent (candidate) | Total (baseline) | Total (candidate) |
|---|---|---|---|---|
| tracing | 1.021 s | 1.024 s | 10.452 s | 10.435 s |
| appsec | 1.167 s | 1.168 s | 10.713 s | 10.674 s |
| iast | 1.156 s | 1.152 s | 10.938 s | 10.953 s |
| profiling | 1.287 s | 1.27 s | 10.813 s | 10.812 s |
petclinic - break down per module: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 683.238 ms | 685.915 ms |
| tracing | GlobalTracer | 240.116 ms | 241.741 ms |
| tracing | AppSec | 55.823 ms | 55.278 ms |
| tracing | Debugger | 8.961 ms | 7.634 ms |
| tracing | Remote Config | 683.598 µs | 715.271 µs |
| tracing | Telemetry | 8.96 ms | 9.062 ms |
| appsec | BytebuddyAgent | 705.023 ms | 706.33 ms |
| appsec | GlobalTracer | 237.74 ms | 237.367 ms |
| appsec | AppSec | 175.895 ms | 175.957 ms |
| appsec | Debugger | 5.923 ms | 5.999 ms |
| appsec | Remote Config | 630.128 µs | 634.433 µs |
| appsec | Telemetry | 7.371 ms | 7.408 ms |
| appsec | IAST | 21.79 ms | 21.833 ms |
| iast | BytebuddyAgent | 807.14 ms | 803.997 ms |
| iast | GlobalTracer | 231.454 ms | 231.205 ms |
| iast | AppSec | 51.386 ms | 48.769 ms |
| iast | Debugger | 5.933 ms | 5.925 ms |
| iast | Remote Config | 600.588 µs | 601.244 µs |
| iast | Telemetry | 7.995 ms | 7.922 ms |
| iast | IAST | 26.7 ms | 29.764 ms |
| profiling | ProfilingAgent | 109.759 ms | 105.342 ms |
| profiling | BytebuddyAgent | 677.64 ms | 675.63 ms |
| profiling | GlobalTracer | 379.522 ms | 361.001 ms |
| profiling | AppSec | 54.601 ms | 62.005 ms |
| profiling | Debugger | 6.156 ms | 6.317 ms |
| profiling | Remote Config | 652.956 µs | 655.439 µs |
| profiling | Telemetry | 8.184 ms | 8.261 ms |
| profiling | Profiling | 109.784 ms | 105.366 ms |
Load

Summary: found 0 performance improvements and 0 performance regressions. Performance is the same for 12 metrics; 18 metrics are unstable.

Request duration reports for petclinic
petclinic - request duration [CI 0.99]: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Baseline mean [99% CI] | Candidate mean [99% CI] |
|---|---|---|
| no_agent | 1.38 ms [1.360, 1.400] | 1.371 ms [1.351, 1.390] |
| appsec | 1.746 ms [1.723, 1.770] | 1.751 ms [1.727, 1.775] |
| appsec_no_iast | 1.723 ms [1.700, 1.747] | 1.732 ms [1.709, 1.755] |
| code_origins | 1.675 ms [1.648, 1.702] | 1.669 ms [1.642, 1.696] |
| iast | 1.518 ms [1.495, 1.542] | 1.522 ms [1.498, 1.546] |
| profiling | 1.524 ms [1.501, 1.548] | 1.548 ms [1.523, 1.573] |
| tracing | 1.506 ms [1.481, 1.531] | 1.502 ms [1.478, 1.525] |
Request duration reports for insecure-bank

insecure-bank - request duration [CI 0.99]: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Baseline mean [99% CI] | Candidate mean [99% CI] |
|---|---|---|
| no_agent | 387.935 µs [367, 409] | 389.406 µs [369, 410] |
| iast | 526.218 µs [505, 548] | 520.933 µs [499, 543] |
| iast_FULL | 744.035 µs [722, 766] | 736.113 µs [714, 758] |
| iast_GLOBAL | 564.593 µs [543, 586] | 576.654 µs [555, 599] |
| iast_HARDCODED_SECRET_DISABLED | 521.674 µs [500, 543] | 519.678 µs [498, 542] |
| iast_INACTIVE | 465.995 µs [443, 489] | 467.578 µs [445, 490] |
| iast_TELEMETRY_OFF | 519.73 µs [496, 543] | 511.957 µs [488, 536] |
| tracing | 462.694 µs [441, 484] | 466.068 µs [444, 488] |
Dacapo

Summary: found 0 performance improvements and 0 performance regressions. Performance is the same for 12 metrics; 0 metrics are unstable.

Execution time for biojava
biojava - execution time [CI 0.99]: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Baseline | Candidate |
|---|---|---|
| no_agent | 15.54 s | 15.191 s |
| appsec | 15.005 s | 14.667 s |
| iast | 18.858 s | 19.118 s |
| iast_GLOBAL | 18.094 s | 18.345 s |
| profiling | 14.942 s | 15.059 s |
| tracing | 14.961 s | 14.905 s |
Execution time for tomcat

tomcat - execution time [CI 0.99]: candidate=1.50.0-SNAPSHOT~2a3b7b72ce, baseline=1.50.0-SNAPSHOT~ad6d5fef42

| Configuration | Baseline mean [99% CI] | Candidate mean [99% CI] |
|---|---|---|
| no_agent | 1.479 ms [1.467, 1.490] | 1.478 ms [1.466, 1.489] |
| appsec | 2.409 ms [2.360, 2.457] | 2.401 ms [2.352, 2.449] |
| iast | 2.169 ms [2.109, 2.229] | 2.187 ms [2.127, 2.248] |
| iast_GLOBAL | 2.224 ms [2.163, 2.284] | 2.226 ms [2.165, 2.288] |
| profiling | 2.044 ms [1.994, 2.094] | 2.041 ms [1.992, 2.091] |
| tracing | 2.015 ms [1.968, 2.062] | 2.017 ms [1.969, 2.065] |
dc48fa1 to 761eade (compare)
bdc855c to 5dcd1cf (compare)
This PR adds support for a new telemetry metric: appsec.waf.input_truncated. This is a count metric that tracks the number of times a WAF input was truncated, which may happen multiple times per request. The metric includes a truncation_reason tag, represented as a bitfield, with the following values:

- 1: string too long
- 2: list or map too large
- 4: object too deep

Additional Notes

For every call to the WAF, if truncation occurred during serialization, we should emit the metric. This will increment the count for each run where truncation was detected, and each metric will include the bitfield indicating the types of truncation that occurred. This metric should also be triggered when ObjectIntrospection truncates the object sent to the WAF. This corner case affects the parsed request body and gRPC. This should be fixed after #8748.
c117ce0 to 09b77c3 (compare)
improve truncation
wip
wip - not working
wip - fix
fad042b to 502cf6a (compare)
What Does This Do

- Adds the APPSEC_RASP_COLLECT_REQUEST_BODY flag, which enables collection of the request body. This feature is disabled by default.
- If APPSEC_RASP_COLLECT_REQUEST_BODY is enabled and there is a RASP event, put the same parsed request body that is sent to the WAF into meta_struct under the http.request.body key.
- Add a listener to ObjectIntrospection#convert that adds the boolean tag _dd.appsec.rasp.request_body_size.exceeded if a limit is surpassed.

Motivation

Additional Notes
Jira ticket: APPSEC-57268
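The following Python is an added example, not code from dd-trace-java, from this PR or from the telemetry note above. It models, in one place, the two behaviours those passages describe: a bounded conversion of a parsed request body into what the WAF receives, which OR-s every limit it hits into the truncation_reason bitfield (1 string too long, 2 list or map too large, 4 object too deep) and emits the appsec.waf.input_truncated count metric once per WAF call in which anything was cut; and the gated collection this PR adds, where the converted body is attached under http.request.body in meta_struct only when the APPSEC_RASP_COLLECT_REQUEST_BODY flag is on and a RASP event occurred, with the boolean tag _dd.appsec.rasp.request_body_size.exceeded set when a limit was surpassed. The limits (64 characters, 4 entries, depth 3), the Conversion and Span classes, the on_request function and the telemetry list are assumptions made for illustration; the agent's real limits, class names and tagging path differ.

```python
"""Bounded request-body collection for a WAF/RASP pipeline (illustrative model)."""
from dataclasses import dataclass, field
from typing import Any, List, Optional

# truncation_reason bitfield, values as documented for appsec.waf.input_truncated
STRING_TOO_LONG = 1      # a string was cut to MAX_STRING_LENGTH
CONTAINER_TOO_LARGE = 2  # a list or map was capped at MAX_CONTAINER_SIZE entries
OBJECT_TOO_DEEP = 4      # nesting beyond MAX_DEPTH was replaced by None

# Assumed limits, kept small so the effect is visible; not the agent's real values.
MAX_STRING_LENGTH = 64
MAX_CONTAINER_SIZE = 4
MAX_DEPTH = 3

# Tag and metric names taken from the page; the Span model itself is an assumption.
SIZE_EXCEEDED_TAG = "_dd.appsec.rasp.request_body_size.exceeded"
REQUEST_BODY_KEY = "http.request.body"
TRUNCATION_METRIC = "appsec.waf.input_truncated"


@dataclass
class Conversion:
    value: Any              # bounded copy handed to the WAF
    truncation_reason: int  # bitfield, 0 when nothing was cut


def convert(obj: Any, depth: int = 0, _reason: Optional[List[int]] = None) -> Conversion:
    """Copy obj into a WAF-safe shape, OR-ing every limit hit into one bitfield.

    The bitfield is shared across the recursion (a one-element list) so that one
    request yields one reason value even when several limits trip in different branches.
    """
    reason = [0] if _reason is None else _reason
    if depth > MAX_DEPTH:
        reason[0] |= OBJECT_TOO_DEEP
        value: Any = None
    elif isinstance(obj, str):
        if len(obj) > MAX_STRING_LENGTH:
            reason[0] |= STRING_TOO_LONG
        value = obj[:MAX_STRING_LENGTH]
    elif isinstance(obj, dict):
        items = list(obj.items())
        if len(items) > MAX_CONTAINER_SIZE:
            reason[0] |= CONTAINER_TOO_LARGE
            items = items[:MAX_CONTAINER_SIZE]
        value = {str(k): convert(v, depth + 1, reason).value for k, v in items}
    elif isinstance(obj, (list, tuple)):
        items = list(obj)
        if len(items) > MAX_CONTAINER_SIZE:
            reason[0] |= CONTAINER_TOO_LARGE
            items = items[:MAX_CONTAINER_SIZE]
        value = [convert(v, depth + 1, reason).value for v in items]
    else:
        value = obj  # numbers, booleans and None pass through unchanged
    return Conversion(value, reason[0])


@dataclass
class Span:
    meta: dict = field(default_factory=dict)         # scalar tags
    meta_struct: dict = field(default_factory=dict)  # structured payloads


def on_request(parsed_body: Any, *, rasp_event: bool, collect_request_body: bool,
               span: Span, telemetry: list) -> Conversion:
    """One WAF run over a parsed body, with the telemetry and tagging described on the page.

    telemetry collects (metric, count, tags) tuples; collect_request_body stands in
    for the APPSEC_RASP_COLLECT_REQUEST_BODY flag.
    """
    conv = convert(parsed_body)
    if conv.truncation_reason:
        # emitted once per WAF call in which any truncation happened
        telemetry.append((TRUNCATION_METRIC, 1, {"truncation_reason": conv.truncation_reason}))
        # what the convert listener from the PR sets when a limit is surpassed
        span.meta[SIZE_EXCEEDED_TAG] = True
    if collect_request_body and rasp_event:
        # the body the WAF actually saw, not the original, goes on the span
        span.meta_struct[REQUEST_BODY_KEY] = conv.value
    return conv


if __name__ == "__main__":
    # constructed sample: oversized string, oversized list and over-deep nesting at once
    body = {"q": "A" * 100, "ids": list(range(10)), "n": {"a": {"b": {"c": 1}}}}
    span, telemetry = Span(), []
    result = on_request(body, rasp_event=True, collect_request_body=True,
                        span=span, telemetry=telemetry)
    print(result.truncation_reason, telemetry, span.meta, span.meta_struct)
```

The design point worth checking in a real implementation is the one the last branch of on_request makes explicit: the body attached to the span must be the post-truncation value, not the original. If the full body were copied, a request the WAF only saw partially would be shipped whole on every RASP event, and the size-exceeded tag would be the only hint that the stored body and the inspected body differ.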