Fix org.json iast instrumentation test for latest dependency #8347
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jandro996
force-pushed
the
alejandro.gonzalez/APPSEC-56455
branch
from
aceb1ba to
9b82465
Compare
BenchmarksStartupParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 57 metrics, 6 unstable metrics. Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.048 s) : 0, 1047900
Total [baseline] (10.469 s) : 0, 10469339
Agent [candidate] (1.047 s) : 0, 1046583
Total [candidate] (10.48 s) : 0, 10479762
section appsec
Agent [baseline] (1.189 s) : 0, 1189480
Total [baseline] (10.764 s) : 0, 10763925
Agent [candidate] (1.189 s) : 0, 1189269
Total [candidate] (10.777 s) : 0, 10776573
section iast
Agent [baseline] (1.174 s) : 0, 1173699
Total [baseline] (10.972 s) : 0, 10971759
Agent [candidate] (1.181 s) : 0, 1181370
Total [candidate] (10.983 s) : 0, 10983222
section profiling
Agent [baseline] (1.265 s) : 0, 1265045
Total [baseline] (10.895 s) : 0, 10895200
Agent [candidate] (1.263 s) : 0, 1262734
Total [candidate] (10.929 s) : 0, 10928864
gantt
title petclinic - break down per module: candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (720.022 ms) : 0, 720022
BytebuddyAgent [candidate] (717.47 ms) : 0, 717470
GlobalTracer [baseline] (244.256 ms) : 0, 244256
GlobalTracer [candidate] (243.733 ms) : 0, 243733
AppSec [baseline] (55.35 ms) : 0, 55350
AppSec [candidate] (54.998 ms) : 0, 54998
Remote Config [baseline] (724.092 µs) : 0, 724
Remote Config [candidate] (710.175 µs) : 0, 710
Telemetry [baseline] (12.251 ms) : 0, 12251
Telemetry [candidate] (14.516 ms) : 0, 14516
section appsec
BytebuddyAgent [baseline] (736.514 ms) : 0, 736514
BytebuddyAgent [candidate] (737.473 ms) : 0, 737473
GlobalTracer [baseline] (240.822 ms) : 0, 240822
GlobalTracer [candidate] (240.546 ms) : 0, 240546
AppSec [baseline] (176.714 ms) : 0, 176714
AppSec [candidate] (176.236 ms) : 0, 176236
Remote Config [baseline] (664.667 µs) : 0, 665
Remote Config [candidate] (660.605 µs) : 0, 661
Telemetry [baseline] (8.647 ms) : 0, 8647
Telemetry [candidate] (8.24 ms) : 0, 8240
IAST [baseline] (21.775 ms) : 0, 21775
IAST [candidate] (21.749 ms) : 0, 21749
section iast
BytebuddyAgent [baseline] (835.777 ms) : 0, 835777
BytebuddyAgent [candidate] (841.727 ms) : 0, 841727
GlobalTracer [baseline] (233.376 ms) : 0, 233376
GlobalTracer [candidate] (234.726 ms) : 0, 234726
AppSec [baseline] (56.998 ms) : 0, 56998
AppSec [candidate] (57.21 ms) : 0, 57210
Remote Config [baseline] (618.681 µs) : 0, 619
Remote Config [candidate] (613.58 µs) : 0, 614
Telemetry [baseline] (8.699 ms) : 0, 8699
Telemetry [candidate] (8.755 ms) : 0, 8755
IAST [baseline] (23.006 ms) : 0, 23006
IAST [candidate] (22.892 ms) : 0, 22892
section profiling
BytebuddyAgent [baseline] (707.195 ms) : 0, 707195
BytebuddyAgent [candidate] (707.737 ms) : 0, 707737
GlobalTracer [baseline] (353.503 ms) : 0, 353503
GlobalTracer [candidate] (352.849 ms) : 0, 352849
AppSec [baseline] (55.176 ms) : 0, 55176
AppSec [candidate] (54.689 ms) : 0, 54689
Remote Config [baseline] (720.759 µs) : 0, 721
Remote Config [candidate] (702.918 µs) : 0, 703
Telemetry [baseline] (9.722 ms) : 0, 9722
Telemetry [candidate] (8.877 ms) : 0, 8877
ProfilingAgent [baseline] (96.562 ms) : 0, 96562
ProfilingAgent [candidate] (95.609 ms) : 0, 95609
Profiling [baseline] (96.586 ms) : 0, 96586
Profiling [candidate] (95.634 ms) : 0, 95634
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.047 s) : 0, 1047168
Total [baseline] (8.652 s) : 0, 8652416
Agent [candidate] (1.046 s) : 0, 1046274
Total [candidate] (8.646 s) : 0, 8645883
section iast
Agent [baseline] (1.181 s) : 0, 1180760
Total [baseline] (9.205 s) : 0, 9205366
Agent [candidate] (1.181 s) : 0, 1180933
Total [candidate] (9.249 s) : 0, 9249219
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.176 s) : 0, 1175784
Total [baseline] (9.265 s) : 0, 9264983
Agent [candidate] (1.198 s) : 0, 1198331
Total [candidate] (9.276 s) : 0, 9275596
section iast_TELEMETRY_OFF
Agent [baseline] (1.177 s) : 0, 1177375
Total [baseline] (9.229 s) : 0, 9229046
Agent [candidate] (1.186 s) : 0, 1185564
Total [candidate] (9.254 s) : 0, 9254057
gantt
title insecure-bank - break down per module: candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (718.541 ms) : 0, 718541
BytebuddyAgent [candidate] (718.038 ms) : 0, 718038
GlobalTracer [baseline] (243.312 ms) : 0, 243312
GlobalTracer [candidate] (243.537 ms) : 0, 243537
AppSec [baseline] (54.933 ms) : 0, 54933
AppSec [candidate] (55.267 ms) : 0, 55267
Remote Config [baseline] (714.091 µs) : 0, 714
Remote Config [candidate] (719.059 µs) : 0, 719
Telemetry [baseline] (14.46 ms) : 0, 14460
Telemetry [candidate] (13.543 ms) : 0, 13543
section iast
BytebuddyAgent [baseline] (841.768 ms) : 0, 841768
BytebuddyAgent [candidate] (841.417 ms) : 0, 841417
GlobalTracer [baseline] (234.226 ms) : 0, 234226
GlobalTracer [candidate] (234.556 ms) : 0, 234556
IAST [baseline] (22.975 ms) : 0, 22975
IAST [candidate] (22.922 ms) : 0, 22922
AppSec [baseline] (56.97 ms) : 0, 56970
AppSec [candidate] (57.305 ms) : 0, 57305
Remote Config [baseline] (620.543 µs) : 0, 621
Remote Config [candidate] (611.694 µs) : 0, 612
Telemetry [baseline] (8.783 ms) : 0, 8783
Telemetry [candidate] (8.833 ms) : 0, 8833
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (837.154 ms) : 0, 837154
BytebuddyAgent [candidate] (854.96 ms) : 0, 854960
GlobalTracer [baseline] (233.494 ms) : 0, 233494
GlobalTracer [candidate] (236.997 ms) : 0, 236997
IAST [baseline] (23.008 ms) : 0, 23008
IAST [candidate] (23.636 ms) : 0, 23636
AppSec [baseline] (57.365 ms) : 0, 57365
AppSec [candidate] (57.617 ms) : 0, 57617
Remote Config [baseline] (625.783 µs) : 0, 626
Remote Config [candidate] (623.015 µs) : 0, 623
Telemetry [baseline] (8.855 ms) : 0, 8855
Telemetry [candidate] (8.83 ms) : 0, 8830
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (838.348 ms) : 0, 838348
BytebuddyAgent [candidate] (844.847 ms) : 0, 844847
GlobalTracer [baseline] (234.633 ms) : 0, 234633
GlobalTracer [candidate] (236.264 ms) : 0, 236264
IAST [baseline] (27.416 ms) : 0, 27416
IAST [candidate] (27.348 ms) : 0, 27348
AppSec [baseline] (52.378 ms) : 0, 52378
AppSec [candidate] (52.312 ms) : 0, 52312
Remote Config [baseline] (628.262 µs) : 0, 628
Remote Config [candidate] (623.403 µs) : 0, 623
Telemetry [baseline] (8.678 ms) : 0, 8678
Telemetry [candidate] (8.75 ms) : 0, 8750
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics. Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section baseline
no_agent (1.363 ms) : 1343, 1382
. : milestone, 1363,
appsec (1.793 ms) : 1770, 1816
. : milestone, 1793,
appsec_no_iast (1.784 ms) : 1762, 1807
. : milestone, 1784,
iast (1.531 ms) : 1506, 1556
. : milestone, 1531,
profiling (1.547 ms) : 1522, 1572
. : milestone, 1547,
tracing (1.495 ms) : 1470, 1521
. : milestone, 1495,
section candidate
no_agent (1.367 ms) : 1346, 1388
. : milestone, 1367,
appsec (1.754 ms) : 1730, 1778
. : milestone, 1754,
appsec_no_iast (1.779 ms) : 1755, 1803
. : milestone, 1779,
iast (1.527 ms) : 1502, 1551
. : milestone, 1527,
profiling (1.521 ms) : 1497, 1544
. : milestone, 1521,
tracing (1.507 ms) : 1483, 1531
. : milestone, 1507,
Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section baseline
no_agent (388.161 µs) : 368, 408
. : milestone, 388,
iast (522.471 µs) : 500, 545
. : milestone, 522,
iast_FULL (750.902 µs) : 729, 773
. : milestone, 751,
iast_GLOBAL (560.347 µs) : 538, 582
. : milestone, 560,
iast_HARDCODED_SECRET_DISABLED (521.082 µs) : 500, 543
. : milestone, 521,
iast_INACTIVE (465.844 µs) : 445, 487
. : milestone, 466,
iast_TELEMETRY_OFF (504.103 µs) : 481, 527
. : milestone, 504,
tracing (468.154 µs) : 447, 490
. : milestone, 468,
section candidate
no_agent (392.084 µs) : 372, 412
. : milestone, 392,
iast (517.306 µs) : 495, 539
. : milestone, 517,
iast_FULL (749.483 µs) : 728, 771
. : milestone, 749,
iast_GLOBAL (558.297 µs) : 536, 581
. : milestone, 558,
iast_HARDCODED_SECRET_DISABLED (519.394 µs) : 498, 541
. : milestone, 519,
iast_INACTIVE (473.82 µs) : 452, 495
. : milestone, 474,
iast_TELEMETRY_OFF (508.613 µs) : 486, 531
. : milestone, 509,
tracing (467.389 µs) : 446, 489
. : milestone, 467,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section baseline
no_agent (14.946 s) : 14946000, 14946000
. : milestone, 14946000,
appsec (14.697 s) : 14697000, 14697000
. : milestone, 14697000,
iast (18.702 s) : 18702000, 18702000
. : milestone, 18702000,
iast_GLOBAL (18.097 s) : 18097000, 18097000
. : milestone, 18097000,
profiling (15.073 s) : 15073000, 15073000
. : milestone, 15073000,
tracing (14.873 s) : 14873000, 14873000
. : milestone, 14873000,
section candidate
no_agent (15.46 s) : 15460000, 15460000
. : milestone, 15460000,
appsec (15.087 s) : 15087000, 15087000
. : milestone, 15087000,
iast (18.953 s) : 18953000, 18953000
. : milestone, 18953000,
iast_GLOBAL (18.512 s) : 18512000, 18512000
. : milestone, 18512000,
profiling (15.444 s) : 15444000, 15444000
. : milestone, 15444000,
tracing (14.819 s) : 14819000, 14819000
. : milestone, 14819000,
Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~4984a98bc1, baseline=1.47.0-SNAPSHOT~40f82243ba
dateFormat X
axisFormat %s
section baseline
no_agent (1.467 ms) : 1456, 1479
. : milestone, 1467,
appsec (2.364 ms) : 2320, 2407
. : milestone, 2364,
iast (2.101 ms) : 2046, 2155
. : milestone, 2101,
iast_GLOBAL (2.147 ms) : 2092, 2202
. : milestone, 2147,
profiling (1.972 ms) : 1928, 2017
. : milestone, 1972,
tracing (1.945 ms) : 1903, 1987
. : milestone, 1945,
section candidate
no_agent (1.466 ms) : 1454, 1477
. : milestone, 1466,
appsec (2.356 ms) : 2313, 2399
. : milestone, 2356,
iast (2.107 ms) : 2052, 2162
. : milestone, 2107,
iast_GLOBAL (2.146 ms) : 2091, 2202
. : milestone, 2146,
profiling (1.956 ms) : 1913, 2000
. : milestone, 1956,
tracing (1.943 ms) : 1901, 1986
. : milestone, 1943,
|
| public class JSONObject20241224Instrumentation extends InstrumenterModule.Iast | ||
| implements Instrumenter.ForSingleType, Instrumenter.HasMethodAdvice { | ||
| public JSONObject20241224Instrumentation() { | ||
| super("org-json"); |
There was a problem hiding this comment.
i don't know if this is a problem, can they be named identically? perhaps it's beneficial to name it differently?
manuel-alvarez-alvarez
approved these changes
Feb 11, 2025
| return "after_20241224"; | ||
| } | ||
|
|
||
| @Override |
There was a problem hiding this comment.
Should this be a muzzle reference rather than a class loader matcher?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What Does This Do
Motivation
Fix latest dependency test for org.json (20250107)
Additional Notes
Contributor Checklist
type:and (comp:orinst:) labels in addition to any usefull labelsclose,fixor any linking keywords when referencing an issue.Use
solvesinstead, and assign the PR milestone to the issueJira ticket: APPSEC-56455