Fix ObjectIntrospection exposing JDK internal toString() to the WAF#10820
Draft
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 64 metrics, 7 unstable metrics.
Startup time reports for insecure-bank (candidate=1.61.0-SNAPSHOT~c81802884f, baseline=1.61.0-SNAPSHOT~93c3816062), baseline -> candidate:
tracing: Agent 1.057 s -> 1.065 s; Total 8.832 s -> 8.867 s
iast: Agent 1.226 s -> 1.236 s; Total 9.563 s -> 9.573 s
[Gantt chart: insecure-bank - break down per module (tracing and iast sections; modules: crashtracking, BytebuddyAgent, AgentMeter, GlobalTracer, AppSec, Debugger, Remote Config, Telemetry, Flare Poller, IAST)]
Startup time reports for petclinic (same candidate and baseline), baseline -> candidate:
tracing: Agent 1.074 s -> 1.063 s; Total 11.1 s -> 11.098 s
appsec: Agent 1.249 s -> 1.246 s; Total 11.192 s -> 11.139 s
iast: Agent 1.23 s -> 1.229 s; Total 11.327 s -> 11.349 s
profiling: Agent 1.189 s -> 1.181 s; Total 11.226 s -> 11.079 s
[Gantt chart: petclinic - break down per module (tracing, appsec, iast and profiling sections; modules as above plus ProfilingAgent and Profiling)]

Load
Summary: Found 2 performance improvements and 1 performance regressions! Performance is the same for 17 metrics, 16 unstable metrics.
Request duration [CI 0.99] for insecure-bank (ms), baseline -> candidate:
no_agent 1.171 -> 1.196; iast 3.201 -> 3.158; iast_FULL 5.973 -> 5.852; iast_GLOBAL 3.617 -> 3.543; profiling 2.039 -> 2.277; tracing 1.823 -> 1.773
Request duration [CI 0.99] for petclinic (ms), baseline -> candidate:
no_agent 17.206 -> 17.262; appsec 19.433 -> 18.406; code_origins 17.791 -> 17.577; iast 18.069 -> 17.825; profiling 18.808 -> 19.503; tracing 17.646 -> 17.426

Dacapo
Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 1 unstable metrics.
Execution time [CI 0.99] for tomcat (ms), baseline -> candidate:
no_agent 1.474 -> 1.47; appsec 3.825 -> 2.507; iast 2.25 -> 2.256; iast_GLOBAL 2.293 -> 2.292; profiling 2.103 -> 2.509; tracing 2.072 -> 2.071
Execution time [CI 0.99] for biojava (s), baseline -> candidate:
no_agent 15.3 -> 15.4; appsec 15.01 -> 15.026; iast 18.322 -> 18.518; iast_GLOBAL 17.806 -> 17.588; profiling 14.731 -> 14.81; tracing 15.147 -> 15.251
What Does This Do

When setAccessible() failed for a field due to Java 9+ module encapsulation, ObjectIntrospection returned obj.toString() for the entire object. This caused JDK internal string representations such as "class java.lang.Object" to reach the WAF engine, where they could match phrase_match rules (e.g., crs-944-130 java_code_injection) and generate false positive security events on every request, leading to a CPU spike.

This change replaces the early return with a continue, so that inaccessible fields are skipped while accessible fields on the same object are still reported to the WAF.
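A reduced model of the reflective walk described above, added here for illustration and not dd-trace-java's own ObjectIntrospection; the class IntrospectionDemo and the Request sample are constructed, and it assumes Java 16 or later, where setAccessible() on a private java.base field throws InaccessibleObjectException rather than only warning.

```java
import java.lang.reflect.Field;
import java.lang.reflect.InaccessibleObjectException;
import java.lang.reflect.Modifier;
import java.util.LinkedHashMap;
import java.util.Map;

public class IntrospectionDemo {

  // Constructed sample: a user object that carries a JDK type (java.lang.Class)
  // whose private fields cannot be made accessible under module encapsulation.
  static final class Request {
    final String path = "/login";
    final Class<?> type = Object.class;
  }

  // Walks declared instance fields and collects a name -> value map, recursing
  // into nested objects. skipInaccessible=false reproduces the pre-fix
  // behaviour (early return of obj.toString()); true is the fixed behaviour
  // (continue to the next field on the same object).
  static Object introspect(Object obj, int depth, boolean skipInaccessible) {
    if (obj == null || obj instanceof String || depth > 2) return obj;
    Map<String, Object> out = new LinkedHashMap<>();
    for (Field f : obj.getClass().getDeclaredFields()) {
      if (Modifier.isStatic(f.getModifiers())) continue;
      try {
        f.setAccessible(true);
      } catch (InaccessibleObjectException e) {
        if (skipInaccessible) continue; // fix: drop only this field
        return obj.toString();          // bug: whole object becomes a JDK string
      }
      try {
        out.put(f.getName(), introspect(f.get(obj), depth + 1, skipInaccessible));
      } catch (IllegalAccessException ignored) {
        // not reachable once setAccessible(true) succeeded; required by the compiler
      }
    }
    return out;
  }

  public static void main(String[] args) {
    Request r = new Request();
    System.out.println("buggy: " + introspect(r, 0, false)); // pre-fix behaviour
    System.out.println("fixed: " + introspect(r, 0, true));  // fixed behaviour
  }
}
```

On Java 16+ the first line reports the type field as the JDK string for the Class object, which is the value the WAF's phrase_match rules could then inspect; the second line still reports path but yields an empty map for type instead of any JDK-internal text.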
Avoid false positive security events and unnecessary CPU spikes caused by internal JDK string representations being analyzed by the WAF.
https://datadoghq.atlassian.net/browse/SCRS-2006
Additional Notes
Additional Notes

setAccessible() fails under Java 9+ module encapsulation. ObjectIntrospection continues processing remaining accessible fields instead of falling back to obj.toString().

Contributor Checklist

Add the type: and (comp: or inst:) labels in addition to any other useful labels.
Don't use close, fix, or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue.

Jira ticket: APPSEC-61693

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.