Skip to content

Add RASP instrumentation for Files.copy(Path,Path) and Files.copy(Path,OutputStream)#11179

Open
jandro996 wants to merge 1 commit intomasterfrom
alejandro.gonzalez/APPSEC-61874-files-copy
Open

Add RASP instrumentation for Files.copy(Path,Path) and Files.copy(Path,OutputStream)#11179
jandro996 wants to merge 1 commit intomasterfrom
alejandro.gonzalez/APPSEC-61874-files-copy

Conversation

@jandro996
Copy link
Copy Markdown
Member

@jandro996 jandro996 commented Apr 22, 2026
edited
Loading

What Does This Do

  • Instruments Files.copy(Path source, Path target, CopyOption[]) in FilesCallSite: fires beforeFileLoaded(source) for LFI detection and beforeFileWritten(target) for write detection
  • Instruments Files.copy(Path source, OutputStream out) in FilesCallSite: fires beforeFileLoaded(source) for LFI detection
  • Adds copyPathToPath and copyToStream helpers in TestFilesSuite and corresponding Spock tests in FilesCallSiteTest

Motivation

FilesCallSite was introduced in #11113 but omitted the Files.copy(Path, Path, CopyOption[]) and Files.copy(Path, OutputStream) overloads. Both are common file-management APIs: the source path is an LFI attack vector and the target path (in the path-to-path variant) is a path-traversal write vector. This PR closes that gap.

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-61874

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@jandro996
feat(appsec): instrument Files.copy(Path,Path) and Files.copy(Path,Ou…
365fd78 
…tputStream) for RASP

Files.copy(Path source, Path target, CopyOption[]) was missing from FilesCallSite:
- fires beforeFileLoaded(source) for LFI detection on the source path
- fires beforeFileWritten(target) for write detection on the target path

Files.copy(Path source, OutputStream out) was also missing:
- fires beforeFileLoaded(source) for LFI detection on the source path
@jandro996 jandro996 requested review from a team as code owners April 22, 2026 12:10
@jandro996 jandro996 added type: enhancement Enhancements and improvements inst: others All other instrumentations labels Apr 22, 2026
@jandro996 jandro996 requested review from bric3, claponcet and manuel-alvarez-alvarez and removed request for a team April 22, 2026 12:10
@jandro996 jandro996 marked this pull request as draft April 22, 2026 12:31
@jandro996 jandro996 added comp: asm waf Application Security Management (WAF) and removed inst: others All other instrumentations labels Apr 22, 2026
@jandro996 jandro996 changed the title feat(appsec): instrument Files.copy(Path,Path) and Files.copy(Path,OutputStream) for RASP Add RASP instrumentation for Files.copy(Path,Path) and Files.copy(Path,OutputStream) Apr 22, 2026
@jandro996 jandro996 marked this pull request as ready for review April 22, 2026 12:43
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Apr 22, 2026

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61874-files-copy
git_commit_date 1776851822 1776859758
git_commit_sha 995f760 365fd78
release_version 1.62.0-SNAPSHOT~995f760c78 1.62.0-SNAPSHOT~365fd78564
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776861519 1776861519
ci_job_id 1619253673 1619253673
ci_pipeline_id 109016985 109016985
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-zf2r58zg 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-zf2r58zg 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 63 metrics, 8 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.059 s) : 0, 1058868
Total [baseline] (8.857 s) : 0, 8856915
Agent [candidate] (1.063 s) : 0, 1063473
Total [candidate] (8.898 s) : 0, 8898287
section iast
Agent [baseline] (1.23 s) : 0, 1229957
Total [baseline] (9.608 s) : 0, 9608353
Agent [candidate] (1.23 s) : 0, 1230214
Total [candidate] (9.572 s) : 0, 9571631
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.059 s -
Agent iast 1.23 s 171.088 ms (16.2%)
Total tracing 8.857 s -
Total iast 9.608 s 751.437 ms (8.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.063 s -
Agent iast 1.23 s 166.741 ms (15.7%)
Total tracing 8.898 s -
Total iast 9.572 s 673.344 ms (7.6%) 
gantt
    title insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.238 ms) : 0, 1238
crashtracking [candidate] (1.238 ms) : 0, 1238
BytebuddyAgent [baseline] (633.966 ms) : 0, 633966
BytebuddyAgent [candidate] (636.673 ms) : 0, 636673
AgentMeter [baseline] (29.64 ms) : 0, 29640
AgentMeter [candidate] (29.84 ms) : 0, 29840
GlobalTracer [baseline] (249.332 ms) : 0, 249332
GlobalTracer [candidate] (250.275 ms) : 0, 250275
AppSec [baseline] (32.372 ms) : 0, 32372
AppSec [candidate] (32.57 ms) : 0, 32570
Debugger [baseline] (59.039 ms) : 0, 59039
Debugger [candidate] (59.542 ms) : 0, 59542
Remote Config [baseline] (591.298 µs) : 0, 591
Remote Config [candidate] (596.922 µs) : 0, 597
Telemetry [baseline] (7.992 ms) : 0, 7992
Telemetry [candidate] (8.12 ms) : 0, 8120
Flare Poller [baseline] (8.324 ms) : 0, 8324
Flare Poller [candidate] (8.354 ms) : 0, 8354
section iast
crashtracking [baseline] (1.247 ms) : 0, 1247
crashtracking [candidate] (1.239 ms) : 0, 1239
BytebuddyAgent [baseline] (808.304 ms) : 0, 808304
BytebuddyAgent [candidate] (808.457 ms) : 0, 808457
AgentMeter [baseline] (11.407 ms) : 0, 11407
AgentMeter [candidate] (11.393 ms) : 0, 11393
GlobalTracer [baseline] (238.851 ms) : 0, 238851
GlobalTracer [candidate] (238.729 ms) : 0, 238729
AppSec [baseline] (27.438 ms) : 0, 27438
AppSec [candidate] (27.475 ms) : 0, 27475
Debugger [baseline] (64.806 ms) : 0, 64806
Debugger [candidate] (64.923 ms) : 0, 64923
Remote Config [baseline] (534.72 µs) : 0, 535
Remote Config [candidate] (522.867 µs) : 0, 523
Telemetry [baseline] (7.728 ms) : 0, 7728
Telemetry [candidate] (7.792 ms) : 0, 7792
Flare Poller [baseline] (3.413 ms) : 0, 3413
Flare Poller [candidate] (3.399 ms) : 0, 3399
IAST [baseline] (30.133 ms) : 0, 30133
IAST [candidate] (30.092 ms) : 0, 30092
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1067630
Total [baseline] (11.128 s) : 0, 11128137
Agent [candidate] (1.075 s) : 0, 1074689
Total [candidate] (11.114 s) : 0, 11114159
section appsec
Agent [baseline] (1.259 s) : 0, 1258950
Total [baseline] (10.98 s) : 0, 10979746
Agent [candidate] (1.275 s) : 0, 1274579
Total [candidate] (11.181 s) : 0, 11181320
section iast
Agent [baseline] (1.237 s) : 0, 1236711
Total [baseline] (11.333 s) : 0, 11332683
Agent [candidate] (1.253 s) : 0, 1252929
Total [candidate] (11.399 s) : 0, 11399135
section profiling
Agent [baseline] (1.189 s) : 0, 1189423
Total [baseline] (11.097 s) : 0, 11097324
Agent [candidate] (1.184 s) : 0, 1184108
Total [candidate] (11.068 s) : 0, 11068386
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.068 s -
Agent appsec 1.259 s 191.32 ms (17.9%)
Agent iast 1.237 s 169.081 ms (15.8%)
Agent profiling 1.189 s 121.793 ms (11.4%)
Total tracing 11.128 s -
Total appsec 10.98 s -148.391 ms (-1.3%)
Total iast 11.333 s 204.546 ms (1.8%)
Total profiling 11.097 s -30.813 ms (-0.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.275 s 199.89 ms (18.6%)
Agent iast 1.253 s 178.24 ms (16.6%)
Agent profiling 1.184 s 109.419 ms (10.2%)
Total tracing 11.114 s -
Total appsec 11.181 s 67.161 ms (0.6%)
Total iast 11.399 s 284.977 ms (2.6%)
Total profiling 11.068 s -45.773 ms (-0.4%) 
gantt
    title petclinic - break down per module: candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.266 ms) : 0, 1266
crashtracking [candidate] (1.258 ms) : 0, 1258
BytebuddyAgent [baseline] (638.361 ms) : 0, 638361
BytebuddyAgent [candidate] (645.185 ms) : 0, 645185
AgentMeter [baseline] (29.898 ms) : 0, 29898
AgentMeter [candidate] (30.151 ms) : 0, 30151
GlobalTracer [baseline] (251.091 ms) : 0, 251091
GlobalTracer [candidate] (251.518 ms) : 0, 251518
AppSec [baseline] (32.598 ms) : 0, 32598
AppSec [candidate] (32.687 ms) : 0, 32687
Debugger [baseline] (60.3 ms) : 0, 60300
Debugger [candidate] (60.325 ms) : 0, 60325
Remote Config [baseline] (595.141 µs) : 0, 595
Remote Config [candidate] (596.75 µs) : 0, 597
Telemetry [baseline] (8.846 ms) : 0, 8846
Telemetry [candidate] (8.092 ms) : 0, 8092
Flare Poller [baseline] (8.289 ms) : 0, 8289
Flare Poller [candidate] (8.217 ms) : 0, 8217
section appsec
crashtracking [baseline] (1.218 ms) : 0, 1218
crashtracking [candidate] (1.249 ms) : 0, 1249
BytebuddyAgent [baseline] (671.784 ms) : 0, 671784
BytebuddyAgent [candidate] (681.822 ms) : 0, 681822
AgentMeter [baseline] (12.167 ms) : 0, 12167
AgentMeter [candidate] (12.287 ms) : 0, 12287
GlobalTracer [baseline] (248.58 ms) : 0, 248580
GlobalTracer [candidate] (251.715 ms) : 0, 251715
AppSec [baseline] (185.669 ms) : 0, 185669
AppSec [candidate] (187.992 ms) : 0, 187992
Debugger [baseline] (66.868 ms) : 0, 66868
Debugger [candidate] (66.026 ms) : 0, 66026
Remote Config [baseline] (583.649 µs) : 0, 584
Remote Config [candidate] (588.79 µs) : 0, 589
Telemetry [baseline] (7.925 ms) : 0, 7925
Telemetry [candidate] (8.068 ms) : 0, 8068
Flare Poller [baseline] (3.469 ms) : 0, 3469
Flare Poller [candidate] (3.547 ms) : 0, 3547
IAST [baseline] (24.3 ms) : 0, 24300
IAST [candidate] (24.539 ms) : 0, 24539
section iast
crashtracking [baseline] (1.237 ms) : 0, 1237
crashtracking [candidate] (1.248 ms) : 0, 1248
BytebuddyAgent [baseline] (812.317 ms) : 0, 812317
BytebuddyAgent [candidate] (825.867 ms) : 0, 825867
AgentMeter [baseline] (11.615 ms) : 0, 11615
AgentMeter [candidate] (11.756 ms) : 0, 11756
GlobalTracer [baseline] (240.281 ms) : 0, 240281
GlobalTracer [candidate] (241.119 ms) : 0, 241119
AppSec [baseline] (27.528 ms) : 0, 27528
AppSec [candidate] (29.003 ms) : 0, 29003
Debugger [baseline] (63.304 ms) : 0, 63304
Debugger [candidate] (66.235 ms) : 0, 66235
Remote Config [baseline] (536.143 µs) : 0, 536
Remote Config [candidate] (545.106 µs) : 0, 545
Telemetry [baseline] (7.704 ms) : 0, 7704
Telemetry [candidate] (7.909 ms) : 0, 7909
Flare Poller [baseline] (3.359 ms) : 0, 3359
Flare Poller [candidate] (3.462 ms) : 0, 3462
IAST [baseline] (32.648 ms) : 0, 32648
IAST [candidate] (29.305 ms) : 0, 29305
section profiling
ProfilingAgent [baseline] (94.626 ms) : 0, 94626
ProfilingAgent [candidate] (94.457 ms) : 0, 94457
crashtracking [baseline] (1.184 ms) : 0, 1184
crashtracking [candidate] (1.183 ms) : 0, 1183
BytebuddyAgent [baseline] (694.044 ms) : 0, 694044
BytebuddyAgent [candidate] (691.114 ms) : 0, 691114
AgentMeter [baseline] (9.252 ms) : 0, 9252
AgentMeter [candidate] (9.177 ms) : 0, 9177
GlobalTracer [baseline] (207.609 ms) : 0, 207609
GlobalTracer [candidate] (206.704 ms) : 0, 206704
AppSec [baseline] (33.043 ms) : 0, 33043
AppSec [candidate] (32.73 ms) : 0, 32730
Debugger [baseline] (66.133 ms) : 0, 66133
Debugger [candidate] (65.616 ms) : 0, 65616
Remote Config [baseline] (590.542 µs) : 0, 591
Remote Config [candidate] (572.647 µs) : 0, 573
Telemetry [baseline] (7.868 ms) : 0, 7868
Telemetry [candidate] (7.794 ms) : 0, 7794
Flare Poller [baseline] (3.585 ms) : 0, 3585
Flare Poller [candidate] (3.564 ms) : 0, 3564
Profiling [baseline] (95.196 ms) : 0, 95196
Profiling [candidate] (95.012 ms) : 0, 95012
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61874-files-copy
git_commit_date 1776851822 1776859758
git_commit_sha 995f760 365fd78
release_version 1.62.0-SNAPSHOT~995f760c78 1.62.0-SNAPSHOT~365fd78564
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776862105 1776862105
ci_job_id 1619253674 1619253674
ci_pipeline_id 109016985 109016985
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-b77yder6 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-b77yder6 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 4 performance regressions! Performance is the same for 16 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_FULL:high_load worse
[+207.519µs; +466.125µs] or [+3.964%; +8.904%]		 worse
[+315.901µs; +1020.243µs] or [+2.490%; +8.041%]		 unstable
[-121.816op/s; +40.254op/s] or [-15.642%; +5.169%]		 5.572ms 13.356ms 738.000op/s 5.235ms 12.688ms 778.781op/s
scenario:load:petclinic:appsec:high_load worse
[+0.836ms; +1.954ms] or [+4.581%; +10.703%]		 unsure
[+0.506ms; +2.435ms] or [+1.710%; +8.226%]		 unstable
[-41.131op/s; +12.506op/s] or [-16.444%; +5.000%]		 19.649ms 31.076ms 235.812op/s 18.254ms 29.605ms 250.125op/s
scenario:load:petclinic:no_agent:high_load worse
[+0.590ms; +2.237ms] or [+3.339%; +12.652%]		 unstable
[+0.013ms; +3.305ms] or [+0.045%; +11.267%]		 unstable
[-45.169op/s; +12.856op/s] or [-17.505%; +4.983%]		 19.098ms 30.998ms 241.875op/s 17.684ms 29.339ms 258.031op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.082 ms) : 17901, 18264
.   : milestone, 18082,
appsec (18.658 ms) : 18472, 18843
.   : milestone, 18658,
code_origins (17.927 ms) : 17754, 18101
.   : milestone, 17927,
iast (18.471 ms) : 18288, 18654
.   : milestone, 18471,
profiling (18.398 ms) : 18215, 18582
.   : milestone, 18398,
tracing (17.951 ms) : 17776, 18127
.   : milestone, 17951,
section candidate
no_agent (19.299 ms) : 19104, 19494
.   : milestone, 19299,
appsec (19.797 ms) : 19595, 19999
.   : milestone, 19797,
code_origins (18.054 ms) : 17873, 18234
.   : milestone, 18054,
iast (17.98 ms) : 17802, 18157
.   : milestone, 17980,
profiling (18.114 ms) : 17936, 18291
.   : milestone, 18114,
tracing (17.816 ms) : 17638, 17994
.   : milestone, 17816,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.082 ms [17.901 ms, 18.264 ms] -
appsec 18.658 ms [18.472 ms, 18.843 ms] 575.554 µs (3.2%)
code_origins 17.927 ms [17.754 ms, 18.101 ms] -154.829 µs (-0.9%)
iast 18.471 ms [18.288 ms, 18.654 ms] 388.507 µs (2.1%)
profiling 18.398 ms [18.215 ms, 18.582 ms] 316.257 µs (1.7%)
tracing 17.951 ms [17.776 ms, 18.127 ms] -130.683 µs (-0.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.299 ms [19.104 ms, 19.494 ms] -
appsec 19.797 ms [19.595 ms, 19.999 ms] 497.683 µs (2.6%)
code_origins 18.054 ms [17.873 ms, 18.234 ms] -1.245 ms (-6.5%)
iast 17.98 ms [17.802 ms, 18.157 ms] -1.319 ms (-6.8%)
profiling 18.114 ms [17.936 ms, 18.291 ms] -1.185 ms (-6.1%)
tracing 17.816 ms [17.638 ms, 17.994 ms] -1.483 ms (-7.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.233 ms) : 1221, 1245
.   : milestone, 1233,
iast (3.305 ms) : 3255, 3355
.   : milestone, 3305,
iast_FULL (5.936 ms) : 5875, 5997
.   : milestone, 5936,
iast_GLOBAL (3.678 ms) : 3624, 3731
.   : milestone, 3678,
profiling (2.162 ms) : 2142, 2182
.   : milestone, 2162,
tracing (1.971 ms) : 1954, 1988
.   : milestone, 1971,
section candidate
no_agent (1.254 ms) : 1242, 1267
.   : milestone, 1254,
iast (3.337 ms) : 3294, 3381
.   : milestone, 3337,
iast_FULL (6.271 ms) : 6207, 6335
.   : milestone, 6271,
iast_GLOBAL (3.785 ms) : 3728, 3841
.   : milestone, 3785,
profiling (2.31 ms) : 2287, 2332
.   : milestone, 2310,
tracing (1.955 ms) : 1936, 1973
.   : milestone, 1955,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.233 ms [1.221 ms, 1.245 ms] -
iast 3.305 ms [3.255 ms, 3.355 ms] 2.073 ms (168.1%)
iast_FULL 5.936 ms [5.875 ms, 5.997 ms] 4.703 ms (381.5%)
iast_GLOBAL 3.678 ms [3.624 ms, 3.731 ms] 2.445 ms (198.3%)
profiling 2.162 ms [2.142 ms, 2.182 ms] 929.31 µs (75.4%)
tracing 1.971 ms [1.954 ms, 1.988 ms] 737.816 µs (59.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.254 ms [1.242 ms, 1.267 ms] -
iast 3.337 ms [3.294 ms, 3.381 ms] 2.083 ms (166.1%)
iast_FULL 6.271 ms [6.207 ms, 6.335 ms] 5.017 ms (400.0%)
iast_GLOBAL 3.785 ms [3.728 ms, 3.841 ms] 2.53 ms (201.8%)
profiling 2.31 ms [2.287 ms, 2.332 ms] 1.055 ms (84.2%)
tracing 1.955 ms [1.936 ms, 1.973 ms] 700.495 µs (55.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61874-files-copy
git_commit_date 1776851822 1776859758
git_commit_sha 995f760 365fd78
release_version 1.62.0-SNAPSHOT~995f760c78 1.62.0-SNAPSHOT~365fd78564
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1776861799 1776861799
ci_job_id 1619253676 1619253676
ci_pipeline_id 109016985 109016985
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-lql6rgfz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-lql6rgfz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.496 ms) : 1484, 1508
.   : milestone, 1496,
appsec (2.542 ms) : 2487, 2596
.   : milestone, 2542,
iast (2.291 ms) : 2221, 2361
.   : milestone, 2291,
iast_GLOBAL (2.337 ms) : 2266, 2407
.   : milestone, 2337,
profiling (2.114 ms) : 2058, 2169
.   : milestone, 2114,
tracing (2.108 ms) : 2054, 2162
.   : milestone, 2108,
section candidate
no_agent (1.491 ms) : 1479, 1502
.   : milestone, 1491,
appsec (3.806 ms) : 3584, 4029
.   : milestone, 3806,
iast (2.3 ms) : 2231, 2370
.   : milestone, 2300,
iast_GLOBAL (2.328 ms) : 2258, 2398
.   : milestone, 2328,
profiling (2.112 ms) : 2058, 2167
.   : milestone, 2112,
tracing (2.091 ms) : 2037, 2144
.   : milestone, 2091,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.496 ms [1.484 ms, 1.508 ms] -
appsec 2.542 ms [2.487 ms, 2.596 ms] 1.046 ms (69.9%)
iast 2.291 ms [2.221 ms, 2.361 ms] 795.097 µs (53.2%)
iast_GLOBAL 2.337 ms [2.266 ms, 2.407 ms] 841.011 µs (56.2%)
profiling 2.114 ms [2.058 ms, 2.169 ms] 617.681 µs (41.3%)
tracing 2.108 ms [2.054 ms, 2.162 ms] 612.47 µs (40.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.491 ms [1.479 ms, 1.502 ms] -
appsec 3.806 ms [3.584 ms, 4.029 ms] 2.316 ms (155.3%)
iast 2.3 ms [2.231 ms, 2.37 ms] 809.411 µs (54.3%)
iast_GLOBAL 2.328 ms [2.258 ms, 2.398 ms] 836.897 µs (56.1%)
profiling 2.112 ms [2.058 ms, 2.167 ms] 621.57 µs (41.7%)
tracing 2.091 ms [2.037 ms, 2.144 ms] 599.884 µs (40.2%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~365fd78564, baseline=1.62.0-SNAPSHOT~995f760c78
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.516 s) : 15516000, 15516000
.   : milestone, 15516000,
appsec (14.705 s) : 14705000, 14705000
.   : milestone, 14705000,
iast (18.73 s) : 18730000, 18730000
.   : milestone, 18730000,
iast_GLOBAL (17.794 s) : 17794000, 17794000
.   : milestone, 17794000,
profiling (14.963 s) : 14963000, 14963000
.   : milestone, 14963000,
tracing (14.994 s) : 14994000, 14994000
.   : milestone, 14994000,
section candidate
no_agent (15.574 s) : 15574000, 15574000
.   : milestone, 15574000,
appsec (14.676 s) : 14676000, 14676000
.   : milestone, 14676000,
iast (18.36 s) : 18360000, 18360000
.   : milestone, 18360000,
iast_GLOBAL (18.115 s) : 18115000, 18115000
.   : milestone, 18115000,
profiling (15.387 s) : 15387000, 15387000
.   : milestone, 15387000,
tracing (14.978 s) : 14978000, 14978000
.   : milestone, 14978000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.516 s [15.516 s, 15.516 s] -
appsec 14.705 s [14.705 s, 14.705 s] -811.0 ms (-5.2%)
iast 18.73 s [18.73 s, 18.73 s] 3.214 s (20.7%)
iast_GLOBAL 17.794 s [17.794 s, 17.794 s] 2.278 s (14.7%)
profiling 14.963 s [14.963 s, 14.963 s] -553.0 ms (-3.6%)
tracing 14.994 s [14.994 s, 14.994 s] -522.0 ms (-3.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.574 s [15.574 s, 15.574 s] -
appsec 14.676 s [14.676 s, 14.676 s] -898.0 ms (-5.8%)
iast 18.36 s [18.36 s, 18.36 s] 2.786 s (17.9%)
iast_GLOBAL 18.115 s [18.115 s, 18.115 s] 2.541 s (16.3%)
profiling 15.387 s [15.387 s, 15.387 s] -187.0 ms (-1.2%)
tracing 14.978 s [14.978 s, 14.978 s] -596.0 ms (-3.8%)

@jandro996 jandro996 requested a review from smola April 23, 2026 07:24
@jandro996 jandro996 added this pull request to the merge queue Apr 23, 2026
@dd-octo-sts
Copy link
Copy Markdown
Contributor

dd-octo-sts Bot commented Apr 23, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Apr 23, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-04-23 10:38:16 UTC ℹ️ Start processing command /merge
Use /merge -c to cancel this operation!

2026-04-23 10:38:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 2h (p90).

Use /merge -c to cancel this operation!

⏳ Processing

@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claponcet claponcet claponcet approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@bric3 bric3 Awaiting requested review from bric3 bric3 is a code owner automatically assigned from DataDog/apm-lang-platform-java

@smola smola Awaiting requested review from smola

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jandro996 @claponcet