Add server.request.body.filenames support for Jetty #10988
Draft
Conversation
Add GetFilenamesAdvice to all three Jetty AppSec modules to collect uploaded file names from multipart requests and fire the requestFilesFilenames() IG callback:
- jetty-appsec-8.1.3: intercepts getParts() return value; includes Content-Disposition header fallback for Servlet 3.0 (Jetty 9.0) where getSubmittedFileName() is not available
- jetty-appsec-9.2: intercepts no-arg getParts() for Servlet 3.1+
- jetty-appsec-9.3: same, applies to Jetty 9.3, 10, 11

Enable testBodyFilenames() in Jetty 9.x, 10 and 11 server tests.
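As an added illustration of the fallback the description above refers to (example code, not the project's GetFilenamesAdvice and not its actual implementation): a helper that prefers Part.getSubmittedFileName() where the Servlet 3.1 API provides it, and on a Servlet 3.0 container such as Jetty 9.0 parses the filename parameter out of the part's Content-Disposition header instead. The class name MultipartFilenames, the reflective method lookup and the header parser are assumptions of this example; it needs the javax.servlet API on the classpath to compile.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.http.Part;

/**
 * Collects the file names submitted in a multipart request.
 * Added example, not the project's advice: the class, the reflective lookup and
 * the header parser are assumptions about how such a Servlet 3.0 fallback can look.
 */
public final class MultipartFilenames {

  // Resolved once per class load. Null on a Servlet 3.0 container (Jetty 9.0),
  // where javax.servlet.http.Part has no getSubmittedFileName() method.
  private static final Method GET_SUBMITTED_FILE_NAME = lookupGetSubmittedFileName();

  private static Method lookupGetSubmittedFileName() {
    try {
      return Part.class.getMethod("getSubmittedFileName");
    } catch (NoSuchMethodException e) {
      return null; // Servlet 3.0 API: use the Content-Disposition fallback below
    }
  }

  /**
   * Returns the file names of all file-upload parts in request order. Plain form
   * fields carry no filename parameter and are skipped. Values are returned exactly
   * as the client submitted them (no path stripping or normalisation), so that a
   * downstream rule inspects what was actually sent.
   */
  public static List<String> collect(Collection<Part> parts) {
    List<String> names = new ArrayList<>();
    if (parts == null) return names;
    for (Part part : parts) {
      String name = submittedFileName(part);
      if (name == null) {
        name = filenameFromContentDisposition(part.getHeader("Content-Disposition"));
      }
      if (name != null && !name.isEmpty()) names.add(name);
    }
    return names;
  }

  // Servlet 3.1+ path: Part.getSubmittedFileName(), invoked reflectively so this
  // class also links against the 3.0 API.
  private static String submittedFileName(Part part) {
    if (GET_SUBMITTED_FILE_NAME == null) return null;
    try {
      return (String) GET_SUBMITTED_FILE_NAME.invoke(part);
    } catch (ReflectiveOperationException e) {
      return null;
    }
  }

  /**
   * Extracts the filename parameter from a header such as
   * form-data; name="upload"; filename="report.pdf". Quoted values may contain ';'
   * and backslash-escaped quotes; unquoted values run to the next ';'.
   * Returns null when the header is absent or has no filename parameter.
   */
  static String filenameFromContentDisposition(String header) {
    if (header == null) return null;
    int n = header.length();
    int i = header.indexOf(';'); // skip the disposition type ("form-data")
    if (i < 0) return null;
    i++;
    while (i < n) {
      while (i < n && Character.isWhitespace(header.charAt(i))) i++;
      int eq = header.indexOf('=', i), semi = header.indexOf(';', i);
      if (eq < 0 || (semi >= 0 && eq > semi)) { // parameter without a value
        if (semi < 0) break;
        i = semi + 1;
        continue;
      }
      String key = header.substring(i, eq).trim();
      i = eq + 1;
      String value;
      if (i < n && header.charAt(i) == '"') {
        StringBuilder sb = new StringBuilder();
        i++;
        while (i < n && header.charAt(i) != '"') {
          char c = header.charAt(i);
          if (c == '\\' && i + 1 < n) c = header.charAt(++i); // quoted-pair
          sb.append(c);
          i++;
        }
        i++; // step over the closing quote
        value = sb.toString();
      } else {
        int end = header.indexOf(';', i);
        if (end < 0) end = n;
        value = header.substring(i, end).trim();
        i = end;
      }
      if (key.equalsIgnoreCase("filename")) return value;
      while (i < n && header.charAt(i) != ';') i++;
      i++; // past the ';' that ends this parameter
    }
    return null;
  }
}
```

Called from an advice on the getParts() return value, collect(parts) yields the list handed to the requestFilesFilenames() callback. The parser deliberately reports the raw submitted value: some clients send a full client-side path as the filename, and the point of collecting these names is to let a rule see that, not to clean it up. On Servlet 3.1+ the container's own getSubmittedFileName() is used first, since it also handles header forms this fallback does not attempt to cover, such as the RFC 5987 filename* parameter.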
Benchmarks
Startup
Parameters
See matching parameters
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 11 unstable metrics.
Startup time reports for petclinic
gantt
title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.07 s) : 0, 1069792
Total [baseline] (11.047 s) : 0, 11047472
Agent [candidate] (1.061 s) : 0, 1060773
Total [candidate] (11.105 s) : 0, 11105105
section appsec
Agent [baseline] (1.265 s) : 0, 1264850
Total [baseline] (11.226 s) : 0, 11225630
Agent [candidate] (1.249 s) : 0, 1248690
Total [candidate] (11.238 s) : 0, 11237886
section iast
Agent [baseline] (1.238 s) : 0, 1238199
Total [baseline] (11.427 s) : 0, 11426865
Agent [candidate] (1.23 s) : 0, 1230492
Total [candidate] (11.441 s) : 0, 11440769
section profiling
Agent [baseline] (1.184 s) : 0, 1183848
Total [baseline] (11.08 s) : 0, 11079657
Agent [candidate] (1.191 s) : 0, 1191183
Total [candidate] (11.121 s) : 0, 11121008
gantt
title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section tracing
crashtracking [baseline] (1.25 ms) : 0, 1250
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (637.849 ms) : 0, 637849
BytebuddyAgent [candidate] (631.168 ms) : 0, 631168
AgentMeter [baseline] (29.762 ms) : 0, 29762
AgentMeter [candidate] (29.351 ms) : 0, 29351
GlobalTracer [baseline] (259.378 ms) : 0, 259378
GlobalTracer [candidate] (257.274 ms) : 0, 257274
AppSec [baseline] (32.034 ms) : 0, 32034
AppSec [candidate] (31.758 ms) : 0, 31758
Debugger [baseline] (60.935 ms) : 0, 60935
Debugger [candidate] (60.426 ms) : 0, 60426
Remote Config [baseline] (595.088 µs) : 0, 595
Remote Config [candidate] (590.441 µs) : 0, 590
Telemetry [baseline] (8.079 ms) : 0, 8079
Telemetry [candidate] (7.958 ms) : 0, 7958
Flare Poller [baseline] (3.587 ms) : 0, 3587
Flare Poller [candidate] (4.934 ms) : 0, 4934
section appsec
crashtracking [baseline] (1.212 ms) : 0, 1212
crashtracking [candidate] (1.198 ms) : 0, 1198
BytebuddyAgent [baseline] (669.639 ms) : 0, 669639
BytebuddyAgent [candidate] (660.061 ms) : 0, 660061
AgentMeter [baseline] (12.264 ms) : 0, 12264
AgentMeter [candidate] (12.152 ms) : 0, 12152
GlobalTracer [baseline] (261.354 ms) : 0, 261354
GlobalTracer [candidate] (258.347 ms) : 0, 258347
IAST [baseline] (24.602 ms) : 0, 24602
IAST [candidate] (24.148 ms) : 0, 24148
AppSec [baseline] (179.346 ms) : 0, 179346
AppSec [candidate] (177.879 ms) : 0, 177879
Debugger [baseline] (67.059 ms) : 0, 67059
Debugger [candidate] (66.11 ms) : 0, 66110
Remote Config [baseline] (650.654 µs) : 0, 651
Remote Config [candidate] (633.695 µs) : 0, 634
Telemetry [baseline] (8.471 ms) : 0, 8471
Telemetry [candidate] (8.312 ms) : 0, 8312
Flare Poller [baseline] (3.659 ms) : 0, 3659
Flare Poller [candidate] (3.552 ms) : 0, 3552
section iast
crashtracking [baseline] (1.221 ms) : 0, 1221
crashtracking [candidate] (1.192 ms) : 0, 1192
BytebuddyAgent [baseline] (803.491 ms) : 0, 803491
BytebuddyAgent [candidate] (797.621 ms) : 0, 797621
AgentMeter [baseline] (11.55 ms) : 0, 11550
AgentMeter [candidate] (11.463 ms) : 0, 11463
GlobalTracer [baseline] (249.057 ms) : 0, 249057
GlobalTracer [candidate] (248.096 ms) : 0, 248096
IAST [baseline] (25.518 ms) : 0, 25518
IAST [candidate] (25.382 ms) : 0, 25382
AppSec [baseline] (26.766 ms) : 0, 26766
AppSec [candidate] (26.551 ms) : 0, 26551
Debugger [baseline] (70.359 ms) : 0, 70359
Debugger [candidate] (70.925 ms) : 0, 70925
Remote Config [baseline] (538.388 µs) : 0, 538
Remote Config [candidate] (528.546 µs) : 0, 529
Telemetry [baseline] (9.793 ms) : 0, 9793
Telemetry [candidate] (9.15 ms) : 0, 9150
Flare Poller [baseline] (3.593 ms) : 0, 3593
Flare Poller [candidate] (3.375 ms) : 0, 3375
section profiling
crashtracking [baseline] (1.175 ms) : 0, 1175
crashtracking [candidate] (1.175 ms) : 0, 1175
BytebuddyAgent [baseline] (683.522 ms) : 0, 683522
BytebuddyAgent [candidate] (688.61 ms) : 0, 688610
AgentMeter [baseline] (8.949 ms) : 0, 8949
AgentMeter [candidate] (9.042 ms) : 0, 9042
GlobalTracer [baseline] (215.157 ms) : 0, 215157
GlobalTracer [candidate] (216.587 ms) : 0, 216587
AppSec [baseline] (32.236 ms) : 0, 32236
AppSec [candidate] (32.584 ms) : 0, 32584
Debugger [baseline] (65.899 ms) : 0, 65899
Debugger [candidate] (65.161 ms) : 0, 65161
Remote Config [baseline] (576.161 µs) : 0, 576
Remote Config [candidate] (569.598 µs) : 0, 570
Telemetry [baseline] (7.78 ms) : 0, 7780
Telemetry [candidate] (8.499 ms) : 0, 8499
Flare Poller [baseline] (3.503 ms) : 0, 3503
Flare Poller [candidate] (3.539 ms) : 0, 3539
ProfilingAgent [baseline] (94.078 ms) : 0, 94078
ProfilingAgent [candidate] (94.182 ms) : 0, 94182
Profiling [baseline] (94.64 ms) : 0, 94640
Profiling [candidate] (94.736 ms) : 0, 94736
Startup time reports for insecure-bank
gantt
title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1068003
Total [baseline] (8.867 s) : 0, 8867340
Agent [candidate] (1.066 s) : 0, 1066363
Total [candidate] (8.917 s) : 0, 8916675
section iast
Agent [baseline] (1.247 s) : 0, 1246842
Total [baseline] (9.612 s) : 0, 9612373
Agent [candidate] (1.24 s) : 0, 1239579
Total [candidate] (9.583 s) : 0, 9582937
gantt
title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section tracing
crashtracking [baseline] (1.231 ms) : 0, 1231
crashtracking [candidate] (1.205 ms) : 0, 1205
BytebuddyAgent [baseline] (636.376 ms) : 0, 636376
BytebuddyAgent [candidate] (634.345 ms) : 0, 634345
AgentMeter [baseline] (29.573 ms) : 0, 29573
AgentMeter [candidate] (29.459 ms) : 0, 29459
GlobalTracer [baseline] (258.658 ms) : 0, 258658
GlobalTracer [candidate] (259.151 ms) : 0, 259151
AppSec [baseline] (31.99 ms) : 0, 31990
AppSec [candidate] (32.047 ms) : 0, 32047
Debugger [baseline] (59.993 ms) : 0, 59993
Debugger [candidate] (60.096 ms) : 0, 60096
Remote Config [baseline] (589.632 µs) : 0, 590
Remote Config [candidate] (608.451 µs) : 0, 608
Telemetry [baseline] (8.13 ms) : 0, 8130
Telemetry [candidate] (8.105 ms) : 0, 8105
Flare Poller [baseline] (5.01 ms) : 0, 5010
Flare Poller [candidate] (5.07 ms) : 0, 5070
section iast
crashtracking [baseline] (1.238 ms) : 0, 1238
crashtracking [candidate] (1.215 ms) : 0, 1215
BytebuddyAgent [baseline] (810.46 ms) : 0, 810460
BytebuddyAgent [candidate] (804.83 ms) : 0, 804830
AgentMeter [baseline] (12.013 ms) : 0, 12013
AgentMeter [candidate] (11.683 ms) : 0, 11683
GlobalTracer [baseline] (250.357 ms) : 0, 250357
GlobalTracer [candidate] (249.803 ms) : 0, 249803
IAST [baseline] (25.811 ms) : 0, 25811
IAST [candidate] (25.626 ms) : 0, 25626
AppSec [baseline] (27.959 ms) : 0, 27959
AppSec [candidate] (26.802 ms) : 0, 26802
Debugger [baseline] (68.008 ms) : 0, 68008
Debugger [candidate] (68.83 ms) : 0, 68830
Remote Config [baseline] (532.667 µs) : 0, 533
Remote Config [candidate] (521.366 µs) : 0, 521
Telemetry [baseline] (10.311 ms) : 0, 10311
Telemetry [candidate] (10.389 ms) : 0, 10389
Flare Poller [baseline] (3.745 ms) : 0, 3745
Flare Poller [candidate] (3.572 ms) : 0, 3572
Load
Parameters
See matching parameters
Summary
Found 1 performance improvements and 4 performance regressions! Performance is the same for 15 metrics, 16 unstable metrics.
Request duration reports for petclinic
gantt
title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section baseline
no_agent (19.699 ms) : 19497, 19901
. : milestone, 19699,
appsec (18.845 ms) : 18651, 19039
. : milestone, 18845,
code_origins (17.593 ms) : 17419, 17767
. : milestone, 17593,
iast (17.845 ms) : 17666, 18024
. : milestone, 17845,
profiling (18.765 ms) : 18573, 18957
. : milestone, 18765,
tracing (18.9 ms) : 18708, 19091
. : milestone, 18900,
section candidate
no_agent (19.036 ms) : 18842, 19230
. : milestone, 19036,
appsec (18.554 ms) : 18369, 18739
. : milestone, 18554,
code_origins (19.81 ms) : 19611, 20008
. : milestone, 19810,
iast (17.646 ms) : 17468, 17824
. : milestone, 17646,
profiling (19.764 ms) : 19559, 19969
. : milestone, 19764,
tracing (18.189 ms) : 18007, 18371
. : milestone, 18189,
Request duration reports for insecure-bank
gantt
title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section baseline
no_agent (1.21 ms) : 1198, 1222
. : milestone, 1210,
iast (3.257 ms) : 3212, 3303
. : milestone, 3257,
iast_FULL (6.048 ms) : 5987, 6110
. : milestone, 6048,
iast_GLOBAL (3.504 ms) : 3443, 3565
. : milestone, 3504,
profiling (2.208 ms) : 2186, 2231
. : milestone, 2208,
tracing (1.824 ms) : 1808, 1840
. : milestone, 1824,
section candidate
no_agent (1.213 ms) : 1201, 1226
. : milestone, 1213,
iast (3.167 ms) : 3122, 3211
. : milestone, 3167,
iast_FULL (5.856 ms) : 5796, 5915
. : milestone, 5856,
iast_GLOBAL (3.691 ms) : 3628, 3755
. : milestone, 3691,
profiling (2.334 ms) : 2312, 2356
. : milestone, 2334,
tracing (1.775 ms) : 1761, 1789
. : milestone, 1775,
Dacapo
Parameters
See matching parameters
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
Execution time for tomcat
gantt
title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section baseline
no_agent (1.479 ms) : 1468, 1491
. : milestone, 1479,
appsec (3.836 ms) : 3614, 4059
. : milestone, 3836,
iast (2.276 ms) : 2207, 2346
. : milestone, 2276,
iast_GLOBAL (2.324 ms) : 2253, 2395
. : milestone, 2324,
profiling (2.106 ms) : 2049, 2162
. : milestone, 2106,
tracing (2.074 ms) : 2020, 2128
. : milestone, 2074,
section candidate
no_agent (1.479 ms) : 1467, 1491
. : milestone, 1479,
appsec (3.799 ms) : 3578, 4020
. : milestone, 3799,
iast (2.271 ms) : 2201, 2340
. : milestone, 2271,
iast_GLOBAL (2.31 ms) : 2240, 2380
. : milestone, 2310,
profiling (2.091 ms) : 2036, 2146
. : milestone, 2091,
tracing (2.068 ms) : 2014, 2121
. : milestone, 2068,
Execution time for biojava
gantt
title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~e3d40737a9, baseline=1.61.0-SNAPSHOT~1abe140bde
dateFormat X
axisFormat %s
section baseline
no_agent (15.542 s) : 15542000, 15542000
. : milestone, 15542000,
appsec (15.32 s) : 15320000, 15320000
. : milestone, 15320000,
iast (18.356 s) : 18356000, 18356000
. : milestone, 18356000,
iast_GLOBAL (17.934 s) : 17934000, 17934000
. : milestone, 17934000,
profiling (15.57 s) : 15570000, 15570000
. : milestone, 15570000,
tracing (14.748 s) : 14748000, 14748000
. : milestone, 14748000,
section candidate
no_agent (15.458 s) : 15458000, 15458000
. : milestone, 15458000,
appsec (14.72 s) : 14720000, 14720000
. : milestone, 14720000,
iast (18.297 s) : 18297000, 18297000
. : milestone, 18297000,
iast_GLOBAL (18.026 s) : 18026000, 18026000
. : milestone, 18026000,
profiling (14.671 s) : 14671000, 14671000
. : milestone, 14671000,
tracing (14.898 s) : 14898000, 14898000
. : milestone, 14898000,
Summary
- Add GetFilenamesAdvice to all three Jetty AppSec instrumentation modules to collect uploaded file names from multipart requests and fire the requestFilesFilenames() IG callback:
  - jetty-appsec-8.1.3: intercepts getParts() return value; includes Content-Disposition header fallback for Servlet 3.0 (Jetty 9.0) where getSubmittedFileName() is not available
  - jetty-appsec-9.2: intercepts no-arg getParts() for Servlet 3.1+
  - jetty-appsec-9.3: same pattern, applies to Jetty 9.3, 10, 11
- Enable testBodyFilenames() in Jetty 9.x, 10, and 11 server tests
- testBodyFilenames() = false in JettyAsyncHandlerTest — async re-dispatch changes how Jetty processes multipart parts, the tag is not set in that variant

Test plan
- jetty-server-9.0 tests pass
- jetty-server-9.0.4 tests pass
- jetty-server-9.3 tests pass
- jetty-server-9.4.21 tests pass
- jetty-server-10.0 tests pass
- jetty-server-11.0 tests pass (including JettyAsyncHandlerTest, which skips testBodyFilenames)

Related
Depends on #10973 (merged).
Part of APPSEC-61873 — server.request.body.filenames implementation across server frameworks.

tag: no release note
tag: ai generated