Skip to content

Add appsec.waf.input_truncated metric #8791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2025
Merged

Add appsec.waf.input_truncated metric #8791

merged 1 commit into from
May 13, 2025

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented May 9, 2025
edited by jira bot
Loading

What Does This Do

This PR adds support for a new telemetry metric: appsec.waf.input_truncated. This is a count metric that tracks the number of times a WAF input was truncated, which may happen multiple times per request. The metric includes a truncation_reason tag, represented as a bitfield, with the following values:

  • 1: string too long
  • 2: list or map too large
  • 4: object too deep

Motivation

RFC

Additional Notes

For every call to WAF, if truncation occurred during serialization, we should emit the metric. This will increment the count for each run where truncation was detected, and each metric will include the bitfield indicating the types of truncation that occurred.

This metric should also be triggered when ObjectInstrospector truncates the object send to the WAF. This corner case affects parsed request body and grpc. This should be fixed after #8748

Contributor Checklist

Jira ticket: APPSEC-56479

@jandro996 jandro996 added type: enhancement comp: asm waf Application Security Management (WAF) comp: telemetry Telemetry labels May 9, 2025
@jandro996 jandro996 force-pushed the alejandro.gonzalez/appsec.waf.input_truncated branch from 7f96081 to 88bc8d4 Compare May 9, 2025 15:09
@jandro996 jandro996 mentioned this pull request May 9, 2025
Closed
@pr-commenter
Copy link

pr-commenter bot commented May 9, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/appsec.waf.input_truncated
git_commit_date 1746796370 1746802238
git_commit_sha c94e3ce 7f96081
release_version 1.50.0-SNAPSHOT~c94e3ce8db 1.49.0-SNAPSHOT~7f96081b09
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1746805448 1746805448
ci_job_id 931618845 931618845
ci_pipeline_id 64651075 64651075
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-7pg-kqds-project-304-concurrent-0-8s9fp10w 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-7pg-kqds-project-304-concurrent-0-8s9fp10w 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 4 performance improvements and 2 performance regressions! Performance is the same for 57 metrics, 8 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:insecure-bank:iast_HARDCODED_SECRET_DISABLED:IAST better
[-8.344ms; -7.269ms] or [-27.191%; -23.688%]		 22.879ms 30.685ms
scenario:startup:insecure-bank:iast_HARDCODED_SECRET_DISABLED:AppSec worse
[+8.023ms; +8.940ms] or [+16.761%; +18.678%]		 56.348ms 47.866ms
scenario:startup:petclinic:iast:IAST better
[-8.451ms; -5.479ms] or [-28.402%; -18.414%]		 22.789ms 29.754ms
scenario:startup:petclinic:iast:AppSec worse
[+6.071ms; +10.093ms] or [+12.492%; +20.768%]		 56.681ms 48.599ms
scenario:startup:petclinic:profiling:ProfilingAgent better
[-14.788ms; -7.444ms] or [-13.532%; -6.812%]		 98.163ms 109.279ms
scenario:startup:petclinic:profiling:Profiling better
[-14.790ms; -7.445ms] or [-13.531%; -6.811%]		 98.186ms 109.304ms
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.026 s) : 0, 1025864
Total [baseline] (10.475 s) : 0, 10475208
Agent [candidate] (1.008 s) : 0, 1008399
Total [candidate] (10.531 s) : 0, 10531159
section appsec
Agent [baseline] (1.159 s) : 0, 1159187
Total [baseline] (10.684 s) : 0, 10684301
Agent [candidate] (1.153 s) : 0, 1152500
Total [candidate] (10.747 s) : 0, 10746558
section iast
Agent [baseline] (1.146 s) : 0, 1146066
Total [baseline] (10.862 s) : 0, 10862245
Agent [candidate] (1.138 s) : 0, 1137872
Total [candidate] (10.878 s) : 0, 10878105
section profiling
Agent [baseline] (1.281 s) : 0, 1281332
Total [baseline] (10.945 s) : 0, 10944951
Agent [candidate] (1.257 s) : 0, 1257207
Total [candidate] (10.818 s) : 0, 10817696
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent appsec 1.159 s 133.323 ms (13.0%)
Agent iast 1.146 s 120.202 ms (11.7%)
Agent profiling 1.281 s 255.468 ms (24.9%)
Total tracing 10.475 s -
Total appsec 10.684 s 209.093 ms (2.0%)
Total iast 10.862 s 387.037 ms (3.7%)
Total profiling 10.945 s 469.743 ms (4.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.008 s -
Agent appsec 1.153 s 144.101 ms (14.3%)
Agent iast 1.138 s 129.473 ms (12.8%)
Agent profiling 1.257 s 248.808 ms (24.7%)
Total tracing 10.531 s -
Total appsec 10.747 s 215.399 ms (2.0%)
Total iast 10.878 s 346.946 ms (3.3%)
Total profiling 10.818 s 286.537 ms (2.7%) 
gantt
    title petclinic - break down per module: candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (686.096 ms) : 0, 686096
BytebuddyAgent [candidate] (672.363 ms) : 0, 672363
GlobalTracer [baseline] (241.228 ms) : 0, 241228
GlobalTracer [candidate] (240.359 ms) : 0, 240359
AppSec [baseline] (54.638 ms) : 0, 54638
AppSec [candidate] (54.738 ms) : 0, 54738
Debugger [baseline] (8.319 ms) : 0, 8319
Debugger [candidate] (6.165 ms) : 0, 6165
Remote Config [baseline] (696.6 µs) : 0, 697
Remote Config [candidate] (708.355 µs) : 0, 708
Telemetry [baseline] (11.316 ms) : 0, 11316
Telemetry [candidate] (10.555 ms) : 0, 10555
section appsec
BytebuddyAgent [baseline] (699.11 ms) : 0, 699110
BytebuddyAgent [candidate] (690.482 ms) : 0, 690482
GlobalTracer [baseline] (236.179 ms) : 0, 236179
GlobalTracer [candidate] (236.982 ms) : 0, 236982
IAST [baseline] (21.587 ms) : 0, 21587
IAST [candidate] (21.857 ms) : 0, 21857
AppSec [baseline] (175.347 ms) : 0, 175347
AppSec [candidate] (175.601 ms) : 0, 175601
Debugger [baseline] (5.937 ms) : 0, 5937
Debugger [candidate] (6.285 ms) : 0, 6285
Remote Config [baseline] (627.818 µs) : 0, 628
Remote Config [candidate] (635.428 µs) : 0, 635
Telemetry [baseline] (7.724 ms) : 0, 7724
Telemetry [candidate] (8.189 ms) : 0, 8189
section iast
BytebuddyAgent [baseline] (800.09 ms) : 0, 800090
BytebuddyAgent [candidate] (790.425 ms) : 0, 790425
GlobalTracer [baseline] (229.895 ms) : 0, 229895
GlobalTracer [candidate] (230.101 ms) : 0, 230101
IAST [baseline] (29.754 ms) : 0, 29754
IAST [candidate] (22.789 ms) : 0, 22789
AppSec [baseline] (48.599 ms) : 0, 48599
AppSec [candidate] (56.681 ms) : 0, 56681
Debugger [baseline] (5.893 ms) : 0, 5893
Debugger [candidate] (5.967 ms) : 0, 5967
Remote Config [baseline] (595.889 µs) : 0, 596
Remote Config [candidate] (593.191 µs) : 0, 593
Telemetry [baseline] (7.807 ms) : 0, 7807
Telemetry [candidate] (7.944 ms) : 0, 7944
section profiling
BytebuddyAgent [baseline] (673.696 ms) : 0, 673696
BytebuddyAgent [candidate] (661.349 ms) : 0, 661349
GlobalTracer [baseline] (378.274 ms) : 0, 378274
GlobalTracer [candidate] (378.358 ms) : 0, 378358
AppSec [baseline] (54.716 ms) : 0, 54716
AppSec [candidate] (54.225 ms) : 0, 54225
Debugger [baseline] (6.111 ms) : 0, 6111
Debugger [candidate] (6.132 ms) : 0, 6132
Remote Config [baseline] (663.145 µs) : 0, 663
Remote Config [candidate] (642.443 µs) : 0, 642
Telemetry [baseline] (8.084 ms) : 0, 8084
Telemetry [candidate] (8.204 ms) : 0, 8204
ProfilingAgent [baseline] (109.279 ms) : 0, 109279
ProfilingAgent [candidate] (98.163 ms) : 0, 98163
Profiling [baseline] (109.304 ms) : 0, 109304
Profiling [candidate] (98.186 ms) : 0, 98186
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.034 s) : 0, 1034058
Total [baseline] (8.698 s) : 0, 8697600
Agent [candidate] (1.012 s) : 0, 1012223
Total [candidate] (8.658 s) : 0, 8657852
section iast
Agent [baseline] (1.149 s) : 0, 1149153
Total [baseline] (9.233 s) : 0, 9233297
Agent [candidate] (1.137 s) : 0, 1137038
Total [candidate] (9.19 s) : 0, 9190335
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.152 s) : 0, 1152330
Total [baseline] (9.208 s) : 0, 9208212
Agent [candidate] (1.138 s) : 0, 1137966
Total [candidate] (9.173 s) : 0, 9173154
section iast_TELEMETRY_OFF
Agent [baseline] (1.153 s) : 0, 1153273
Total [baseline] (9.219 s) : 0, 9219435
Agent [candidate] (1.131 s) : 0, 1131196
Total [candidate] (9.182 s) : 0, 9181601
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.034 s -
Agent iast 1.149 s 115.095 ms (11.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.152 s 118.272 ms (11.4%)
Agent iast_TELEMETRY_OFF 1.153 s 119.215 ms (11.5%)
Total tracing 8.698 s -
Total iast 9.233 s 535.697 ms (6.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.208 s 510.612 ms (5.9%)
Total iast_TELEMETRY_OFF 9.219 s 521.835 ms (6.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.012 s -
Agent iast 1.137 s 124.815 ms (12.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.138 s 125.743 ms (12.4%)
Agent iast_TELEMETRY_OFF 1.131 s 118.973 ms (11.8%)
Total tracing 8.658 s -
Total iast 9.19 s 532.483 ms (6.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.173 s 515.302 ms (6.0%)
Total iast_TELEMETRY_OFF 9.182 s 523.75 ms (6.0%) 
gantt
    title insecure-bank - break down per module: candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (691.261 ms) : 0, 691261
BytebuddyAgent [candidate] (674.691 ms) : 0, 674691
GlobalTracer [baseline] (243.667 ms) : 0, 243667
GlobalTracer [candidate] (240.884 ms) : 0, 240884
AppSec [baseline] (56.264 ms) : 0, 56264
AppSec [candidate] (54.831 ms) : 0, 54831
Debugger [baseline] (9.326 ms) : 0, 9326
Debugger [candidate] (6.15 ms) : 0, 6150
Remote Config [baseline] (700.76 µs) : 0, 701
Remote Config [candidate] (719.868 µs) : 0, 720
Telemetry [baseline] (9.163 ms) : 0, 9163
Telemetry [candidate] (11.425 ms) : 0, 11425
section iast
BytebuddyAgent [baseline] (801.888 ms) : 0, 801888
BytebuddyAgent [candidate] (789.346 ms) : 0, 789346
GlobalTracer [baseline] (230.793 ms) : 0, 230793
GlobalTracer [candidate] (230.186 ms) : 0, 230186
IAST [baseline] (27.501 ms) : 0, 27501
IAST [candidate] (22.935 ms) : 0, 22935
AppSec [baseline] (51.234 ms) : 0, 51234
AppSec [candidate] (56.77 ms) : 0, 56770
Debugger [baseline] (5.898 ms) : 0, 5898
Debugger [candidate] (5.971 ms) : 0, 5971
Remote Config [baseline] (595.729 µs) : 0, 596
Remote Config [candidate] (598.42 µs) : 0, 598
Telemetry [baseline] (7.822 ms) : 0, 7822
Telemetry [candidate] (7.926 ms) : 0, 7926
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (805.466 ms) : 0, 805466
BytebuddyAgent [candidate] (790.865 ms) : 0, 790865
GlobalTracer [baseline] (230.274 ms) : 0, 230274
GlobalTracer [candidate] (229.998 ms) : 0, 229998
IAST [baseline] (30.685 ms) : 0, 30685
IAST [candidate] (22.879 ms) : 0, 22879
AppSec [baseline] (47.866 ms) : 0, 47866
AppSec [candidate] (56.348 ms) : 0, 56348
Debugger [baseline] (5.928 ms) : 0, 5928
Debugger [candidate] (5.908 ms) : 0, 5908
Remote Config [baseline] (603.68 µs) : 0, 604
Remote Config [candidate] (585.518 µs) : 0, 586
Telemetry [baseline] (7.887 ms) : 0, 7887
Telemetry [candidate] (7.968 ms) : 0, 7968
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (804.129 ms) : 0, 804129
BytebuddyAgent [candidate] (785.644 ms) : 0, 785644
GlobalTracer [baseline] (231.839 ms) : 0, 231839
GlobalTracer [candidate] (229.421 ms) : 0, 229421
IAST [baseline] (22.553 ms) : 0, 22553
IAST [candidate] (22.279 ms) : 0, 22279
AppSec [baseline] (56.604 ms) : 0, 56604
AppSec [candidate] (56.268 ms) : 0, 56268
Debugger [baseline] (6.024 ms) : 0, 6024
Debugger [candidate] (5.93 ms) : 0, 5930
Remote Config [baseline] (612.239 µs) : 0, 612
Remote Config [candidate] (592.637 µs) : 0, 593
Telemetry [baseline] (7.855 ms) : 0, 7855
Telemetry [candidate] (7.715 ms) : 0, 7715
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-05-09T15:14:31 2025-05-09T15:22:19
git_branch master alejandro.gonzalez/appsec.waf.input_truncated
git_commit_date 1746796370 1746802238
git_commit_sha c94e3ce 7f96081
release_version 1.50.0-SNAPSHOT~c94e3ce8db 1.49.0-SNAPSHOT~7f96081b09
start_time 2025-05-09T15:14:17 2025-05-09T15:22:04
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1746804538 1746804538
ci_job_id 931618846 931618846
ci_pipeline_id 64651075 64651075
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-axfkkzwb-project-304-concurrent-0-qu8nrllu 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-axfkkzwb-project-304-concurrent-0-qu8nrllu 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.366 ms) : 1346, 1386
.   : milestone, 1366,
appsec (1.742 ms) : 1719, 1766
.   : milestone, 1742,
appsec_no_iast (1.733 ms) : 1710, 1757
.   : milestone, 1733,
code_origins (1.67 ms) : 1643, 1697
.   : milestone, 1670,
iast (1.526 ms) : 1502, 1551
.   : milestone, 1526,
profiling (1.534 ms) : 1511, 1557
.   : milestone, 1534,
tracing (1.511 ms) : 1486, 1536
.   : milestone, 1511,
section candidate
no_agent (1.374 ms) : 1355, 1394
.   : milestone, 1374,
appsec (1.753 ms) : 1730, 1777
.   : milestone, 1753,
appsec_no_iast (1.731 ms) : 1708, 1754
.   : milestone, 1731,
code_origins (1.687 ms) : 1660, 1713
.   : milestone, 1687,
iast (1.523 ms) : 1498, 1547
.   : milestone, 1523,
profiling (1.515 ms) : 1490, 1539
.   : milestone, 1515,
tracing (1.497 ms) : 1472, 1522
.   : milestone, 1497,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.366 ms [1.346 ms, 1.386 ms] -
appsec 1.742 ms [1.719 ms, 1.766 ms] 376.07 µs (27.5%)
appsec_no_iast 1.733 ms [1.71 ms, 1.757 ms] 366.979 µs (26.9%)
code_origins 1.67 ms [1.643 ms, 1.697 ms] 303.952 µs (22.2%)
iast 1.526 ms [1.502 ms, 1.551 ms] 160.183 µs (11.7%)
profiling 1.534 ms [1.511 ms, 1.557 ms] 167.957 µs (12.3%)
tracing 1.511 ms [1.486 ms, 1.536 ms] 144.858 µs (10.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.374 ms [1.355 ms, 1.394 ms] -
appsec 1.753 ms [1.73 ms, 1.777 ms] 378.99 µs (27.6%)
appsec_no_iast 1.731 ms [1.708 ms, 1.754 ms] 356.676 µs (26.0%)
code_origins 1.687 ms [1.66 ms, 1.713 ms] 312.171 µs (22.7%)
iast 1.523 ms [1.498 ms, 1.547 ms] 148.505 µs (10.8%)
profiling 1.515 ms [1.49 ms, 1.539 ms] 140.229 µs (10.2%)
tracing 1.497 ms [1.472 ms, 1.522 ms] 122.654 µs (8.9%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db
    dateFormat X
    axisFormat %s
section baseline
no_agent (392.904 µs) : 373, 413
.   : milestone, 393,
iast (523.966 µs) : 502, 546
.   : milestone, 524,
iast_FULL (752.628 µs) : 731, 775
.   : milestone, 753,
iast_GLOBAL (582.048 µs) : 560, 604
.   : milestone, 582,
iast_HARDCODED_SECRET_DISABLED (542.913 µs) : 520, 566
.   : milestone, 543,
iast_INACTIVE (479.06 µs) : 456, 502
.   : milestone, 479,
iast_TELEMETRY_OFF (521.031 µs) : 498, 544
.   : milestone, 521,
tracing (472.79 µs) : 451, 495
.   : milestone, 473,
section candidate
no_agent (387.387 µs) : 368, 407
.   : milestone, 387,
iast (524.262 µs) : 501, 548
.   : milestone, 524,
iast_FULL (746.482 µs) : 723, 770
.   : milestone, 746,
iast_GLOBAL (578.383 µs) : 555, 602
.   : milestone, 578,
iast_HARDCODED_SECRET_DISABLED (529.36 µs) : 505, 554
.   : milestone, 529,
iast_INACTIVE (476.835 µs) : 454, 500
.   : milestone, 477,
iast_TELEMETRY_OFF (525.507 µs) : 503, 548
.   : milestone, 526,
tracing (469.876 µs) : 448, 492
.   : milestone, 470,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 392.904 µs [373.273 µs, 412.534 µs] -
iast 523.966 µs [502.04 µs, 545.891 µs] 131.062 µs (33.4%)
iast_FULL 752.628 µs [730.532 µs, 774.724 µs] 359.724 µs (91.6%)
iast_GLOBAL 582.048 µs [559.784 µs, 604.313 µs] 189.145 µs (48.1%)
iast_HARDCODED_SECRET_DISABLED 542.913 µs [519.637 µs, 566.19 µs] 150.01 µs (38.2%)
iast_INACTIVE 479.06 µs [456.314 µs, 501.807 µs] 86.156 µs (21.9%)
iast_TELEMETRY_OFF 521.031 µs [497.856 µs, 544.206 µs] 128.127 µs (32.6%)
tracing 472.79 µs [450.506 µs, 495.073 µs] 79.886 µs (20.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 387.387 µs [367.747 µs, 407.026 µs] -
iast 524.262 µs [500.706 µs, 547.818 µs] 136.875 µs (35.3%)
iast_FULL 746.482 µs [723.126 µs, 769.838 µs] 359.095 µs (92.7%)
iast_GLOBAL 578.383 µs [555.138 µs, 601.629 µs] 190.997 µs (49.3%)
iast_HARDCODED_SECRET_DISABLED 529.36 µs [505.112 µs, 553.608 µs] 141.974 µs (36.6%)
iast_INACTIVE 476.835 µs [454.022 µs, 499.648 µs] 89.448 µs (23.1%)
iast_TELEMETRY_OFF 525.507 µs [502.824 µs, 548.191 µs] 138.121 µs (35.7%)
tracing 469.876 µs [447.666 µs, 492.085 µs] 82.489 µs (21.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/appsec.waf.input_truncated
git_commit_date 1746796370 1746802238
git_commit_sha c94e3ce 7f96081
release_version 1.50.0-SNAPSHOT~c94e3ce8db 1.49.0-SNAPSHOT~7f96081b09
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1746805071 1746805071
ci_job_id 931618848 931618848
ci_pipeline_id 64651075 64651075
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-d33xtjb-project-304-concurrent-0-a1z7dsht 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-d33xtjb-project-304-concurrent-0-a1z7dsht 6.8.0-1027-aws #29~22.04.1-Ubuntu SMP Sun Mar 30 07:45:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.476 ms) : 1464, 1488
.   : milestone, 1476,
appsec (2.409 ms) : 2360, 2458
.   : milestone, 2409,
iast (2.184 ms) : 2121, 2246
.   : milestone, 2184,
iast_GLOBAL (2.239 ms) : 2176, 2301
.   : milestone, 2239,
profiling (2.045 ms) : 1994, 2095
.   : milestone, 2045,
tracing (2.012 ms) : 1964, 2060
.   : milestone, 2012,
section candidate
no_agent (1.474 ms) : 1463, 1486
.   : milestone, 1474,
appsec (2.405 ms) : 2356, 2455
.   : milestone, 2405,
iast (2.196 ms) : 2134, 2258
.   : milestone, 2196,
iast_GLOBAL (2.238 ms) : 2175, 2300
.   : milestone, 2238,
profiling (2.036 ms) : 1986, 2086
.   : milestone, 2036,
tracing (2.022 ms) : 1974, 2070
.   : milestone, 2022,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.488 ms] -
appsec 2.409 ms [2.36 ms, 2.458 ms] 932.937 µs (63.2%)
iast 2.184 ms [2.121 ms, 2.246 ms] 707.663 µs (47.9%)
iast_GLOBAL 2.239 ms [2.176 ms, 2.301 ms] 762.632 µs (51.7%)
profiling 2.045 ms [1.994 ms, 2.095 ms] 568.614 µs (38.5%)
tracing 2.012 ms [1.964 ms, 2.06 ms] 536.081 µs (36.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.463 ms, 1.486 ms] -
appsec 2.405 ms [2.356 ms, 2.455 ms] 930.818 µs (63.1%)
iast 2.196 ms [2.134 ms, 2.258 ms] 721.934 µs (49.0%)
iast_GLOBAL 2.238 ms [2.175 ms, 2.3 ms] 763.49 µs (51.8%)
profiling 2.036 ms [1.986 ms, 2.086 ms] 561.823 µs (38.1%)
tracing 2.022 ms [1.974 ms, 2.07 ms] 547.619 µs (37.1%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.49.0-SNAPSHOT~7f96081b09, baseline=1.50.0-SNAPSHOT~c94e3ce8db
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.038 s) : 15038000, 15038000
.   : milestone, 15038000,
appsec (15.171 s) : 15171000, 15171000
.   : milestone, 15171000,
iast (18.756 s) : 18756000, 18756000
.   : milestone, 18756000,
iast_GLOBAL (18.028 s) : 18028000, 18028000
.   : milestone, 18028000,
profiling (15.483 s) : 15483000, 15483000
.   : milestone, 15483000,
tracing (15.074 s) : 15074000, 15074000
.   : milestone, 15074000,
section candidate
no_agent (14.972 s) : 14972000, 14972000
.   : milestone, 14972000,
appsec (15.242 s) : 15242000, 15242000
.   : milestone, 15242000,
iast (18.504 s) : 18504000, 18504000
.   : milestone, 18504000,
iast_GLOBAL (18.243 s) : 18243000, 18243000
.   : milestone, 18243000,
profiling (15.475 s) : 15475000, 15475000
.   : milestone, 15475000,
tracing (15.22 s) : 15220000, 15220000
.   : milestone, 15220000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.038 s [15.038 s, 15.038 s] -
appsec 15.171 s [15.171 s, 15.171 s] 133.0 ms (0.9%)
iast 18.756 s [18.756 s, 18.756 s] 3.718 s (24.7%)
iast_GLOBAL 18.028 s [18.028 s, 18.028 s] 2.99 s (19.9%)
profiling 15.483 s [15.483 s, 15.483 s] 445.0 ms (3.0%)
tracing 15.074 s [15.074 s, 15.074 s] 36.0 ms (0.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.972 s [14.972 s, 14.972 s] -
appsec 15.242 s [15.242 s, 15.242 s] 270.0 ms (1.8%)
iast 18.504 s [18.504 s, 18.504 s] 3.532 s (23.6%)
iast_GLOBAL 18.243 s [18.243 s, 18.243 s] 3.271 s (21.8%)
profiling 15.475 s [15.475 s, 15.475 s] 503.0 ms (3.4%)
tracing 15.22 s [15.22 s, 15.22 s] 248.0 ms (1.7%)

@jandro996 jandro996 marked this pull request as ready for review May 13, 2025 09:14
@jandro996 jandro996 requested a review from a team as a code owner May 13, 2025 09:14
@datadog-datadog-prod-us1
Copy link
Contributor

Datadog Summary

✅ Code Quality    ✅ Code Security    ✅ Dependencies

Was this helpful? Give us feedback!

@jandro996 jandro996 merged commit 933cb97 into master May 13, 2025
278 of 280 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/appsec.waf.input_truncated branch May 13, 2025 10:48
@github-actions github-actions bot added this to the 1.50.0 milestone May 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@sezen-datadog sezen-datadog Awaiting requested review from sezen-datadog sezen-datadog is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF) comp: telemetry Telemetry type: enhancement
Projects
None yet
Milestone
1.50.0
Development

Successfully merging this pull request may close these issues.
2 participants
@jandro996 @smola