Add support for suspicious attacker blocking to appsec

[manuel-alvarez-alvarez]

What Does This Do

Adds the new exclusion_data feature to the WAF, this new property also belongs to the ASM_DATA remote config payload.

Motivation

This PR adds a new feature called suspicious attacker blocking to appsec, which allows the ASM libraries to block specific attackers only when an attack has been detected.

Additional Notes

RFC describing the new feature.

Contributor Checklist

• Format the title according the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any usefull labels
• Squash your commits prior merging or merge using GitHub's Squash and merge
• Don't use close, fix or any linking keywords when referencing an issue.
  Use solves instead, and assign the PR milestone to the issue
• Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-46829

[jandro996]

👍

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-suspicious-request-blocking
git_commit_date	1723191704	1723192485
git_commit_sha	bb44d60	836a8c2
release_version	1.39.0-SNAPSHOT~bb44d60251	1.39.0-SNAPSHOT~836a8c2aac

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1723194734	1723194734
ci_job_id	599834328	599834328
ci_pipeline_id	41308916	41308916
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 15 unstable metrics.

scenario	Δ mean execution_time	candidate mean execution_time	baseline mean execution_time
scenario:startup:insecure-bank:iast_TELEMETRY_OFF:Remote Config	better [-58.708µs; -23.395µs] or [-9.198%; -3.665%]	597.223µs	638.274µs

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.047 s) : 0, 1046584
Total [baseline] (10.31 s) : 0, 10310053
Agent [candidate] (1.055 s) : 0, 1054587
Total [candidate] (10.386 s) : 0, 10386133
section appsec
Agent [baseline] (1.165 s) : 0, 1165393
Total [baseline] (10.477 s) : 0, 10477141
Agent [candidate] (1.174 s) : 0, 1173749
Total [candidate] (10.544 s) : 0, 10543583
section iast
Agent [baseline] (1.183 s) : 0, 1182703
Total [baseline] (10.832 s) : 0, 10832085
Agent [candidate] (1.174 s) : 0, 1174285
Total [candidate] (10.779 s) : 0, 10778822
section profiling
Agent [baseline] (1.249 s) : 0, 1248512
Total [baseline] (10.681 s) : 0, 10681161
Agent [candidate] (1.243 s) : 0, 1243068
Total [candidate] (10.585 s) : 0, 10584900

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.047 s	-
Agent	appsec	1.165 s	118.809 ms (11.4%)
Agent	iast	1.183 s	136.119 ms (13.0%)
Agent	profiling	1.249 s	201.928 ms (19.3%)
Total	tracing	10.31 s	-
Total	appsec	10.477 s	167.087 ms (1.6%)
Total	iast	10.832 s	522.032 ms (5.1%)
Total	profiling	10.681 s	371.108 ms (3.6%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.055 s	-
Agent	appsec	1.174 s	119.162 ms (11.3%)
Agent	iast	1.174 s	119.699 ms (11.4%)
Agent	profiling	1.243 s	188.481 ms (17.9%)
Total	tracing	10.386 s	-
Total	appsec	10.544 s	157.449 ms (1.5%)
Total	iast	10.779 s	392.689 ms (3.8%)
Total	profiling	10.585 s	198.766 ms (1.9%)

gantt
    title petclinic - break down per module: candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (668.013 ms) : 0, 668013
BytebuddyAgent [candidate] (672.724 ms) : 0, 672724
GlobalTracer [baseline] (306.576 ms) : 0, 306576
GlobalTracer [candidate] (309.086 ms) : 0, 309086
AppSec [baseline] (50.466 ms) : 0, 50466
AppSec [candidate] (51.192 ms) : 0, 51192
Remote Config [baseline] (700.951 µs) : 0, 701
Remote Config [candidate] (699.84 µs) : 0, 700
Telemetry [baseline] (7.379 ms) : 0, 7379
Telemetry [candidate] (7.377 ms) : 0, 7377
section appsec
BytebuddyAgent [baseline] (677.312 ms) : 0, 677312
BytebuddyAgent [candidate] (682.34 ms) : 0, 682340
GlobalTracer [baseline] (299.669 ms) : 0, 299669
GlobalTracer [candidate] (302.229 ms) : 0, 302229
AppSec [baseline] (155.435 ms) : 0, 155435
AppSec [candidate] (157.213 ms) : 0, 157213
Remote Config [baseline] (599.907 µs) : 0, 600
Remote Config [candidate] (613.483 µs) : 0, 613
Telemetry [baseline] (7.875 ms) : 0, 7875
Telemetry [candidate] (7.333 ms) : 0, 7333
IAST [baseline] (22.074 ms) : 0, 22074
IAST [candidate] (20.887 ms) : 0, 20887
section iast
BytebuddyAgent [baseline] (787.017 ms) : 0, 787017
BytebuddyAgent [candidate] (780.723 ms) : 0, 780723
GlobalTracer [baseline] (297.914 ms) : 0, 297914
GlobalTracer [candidate] (296.215 ms) : 0, 296215
AppSec [baseline] (51.219 ms) : 0, 51219
AppSec [candidate] (50.503 ms) : 0, 50503
Remote Config [baseline] (646.364 µs) : 0, 646
Remote Config [candidate] (576.24 µs) : 0, 576
Telemetry [baseline] (8.761 ms) : 0, 8761
Telemetry [candidate] (8.639 ms) : 0, 8639
IAST [baseline] (23.6 ms) : 0, 23600
IAST [candidate] (24.165 ms) : 0, 24165
section profiling
BytebuddyAgent [baseline] (664.057 ms) : 0, 664057
BytebuddyAgent [candidate] (661.685 ms) : 0, 661685
GlobalTracer [baseline] (391.97 ms) : 0, 391970
GlobalTracer [candidate] (389.966 ms) : 0, 389966
AppSec [baseline] (51.679 ms) : 0, 51679
AppSec [candidate] (51.468 ms) : 0, 51468
Remote Config [baseline] (677.949 µs) : 0, 678
Remote Config [candidate] (691.224 µs) : 0, 691
Telemetry [baseline] (7.258 ms) : 0, 7258
Telemetry [candidate] (7.201 ms) : 0, 7201
ProfilingAgent [baseline] (95.691 ms) : 0, 95691
ProfilingAgent [candidate] (94.95 ms) : 0, 94950
Profiling [baseline] (95.716 ms) : 0, 95716
Profiling [candidate] (94.975 ms) : 0, 94975

Loading

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.044 s) : 0, 1044394
Total [baseline] (8.52 s) : 0, 8519777
Agent [candidate] (1.053 s) : 0, 1053042
Total [candidate] (8.533 s) : 0, 8532719
section iast
Agent [baseline] (1.174 s) : 0, 1173903
Total [baseline] (8.992 s) : 0, 8991508
Agent [candidate] (1.173 s) : 0, 1173367
Total [candidate] (9.038 s) : 0, 9038148
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.175 s) : 0, 1175066
Total [baseline] (8.976 s) : 0, 8976318
Agent [candidate] (1.176 s) : 0, 1176142
Total [candidate] (8.985 s) : 0, 8985425
section iast_TELEMETRY_OFF
Agent [baseline] (1.171 s) : 0, 1170858
Total [baseline] (9.026 s) : 0, 9025581
Agent [candidate] (1.179 s) : 0, 1179043
Total [candidate] (9.002 s) : 0, 9001973

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.044 s	-
Agent	iast	1.174 s	129.509 ms (12.4%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.175 s	130.672 ms (12.5%)
Agent	iast_TELEMETRY_OFF	1.171 s	126.464 ms (12.1%)
Total	tracing	8.52 s	-
Total	iast	8.992 s	471.731 ms (5.5%)
Total	iast_HARDCODED_SECRET_DISABLED	8.976 s	456.541 ms (5.4%)
Total	iast_TELEMETRY_OFF	9.026 s	505.804 ms (5.9%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.053 s	-
Agent	iast	1.173 s	120.325 ms (11.4%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.176 s	123.1 ms (11.7%)
Agent	iast_TELEMETRY_OFF	1.179 s	126.001 ms (12.0%)
Total	tracing	8.533 s	-
Total	iast	9.038 s	505.429 ms (5.9%)
Total	iast_HARDCODED_SECRET_DISABLED	8.985 s	452.706 ms (5.3%)
Total	iast_TELEMETRY_OFF	9.002 s	469.254 ms (5.5%)

gantt
    title insecure-bank - break down per module: candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (666.432 ms) : 0, 666432
BytebuddyAgent [candidate] (671.99 ms) : 0, 671990
GlobalTracer [baseline] (306.327 ms) : 0, 306327
GlobalTracer [candidate] (308.37 ms) : 0, 308370
AppSec [baseline] (50.225 ms) : 0, 50225
AppSec [candidate] (51.12 ms) : 0, 51120
Remote Config [baseline] (691.166 µs) : 0, 691
Remote Config [candidate] (694.671 µs) : 0, 695
Telemetry [baseline] (7.321 ms) : 0, 7321
Telemetry [candidate] (7.395 ms) : 0, 7395
section iast
BytebuddyAgent [baseline] (781.468 ms) : 0, 781468
BytebuddyAgent [candidate] (780.754 ms) : 0, 780754
GlobalTracer [baseline] (295.947 ms) : 0, 295947
GlobalTracer [candidate] (295.717 ms) : 0, 295717
AppSec [baseline] (49.983 ms) : 0, 49983
AppSec [candidate] (52.249 ms) : 0, 52249
IAST [baseline] (23.868 ms) : 0, 23868
IAST [candidate] (22.738 ms) : 0, 22738
Remote Config [baseline] (594.778 µs) : 0, 595
Remote Config [candidate] (600.611 µs) : 0, 601
Telemetry [baseline] (8.579 ms) : 0, 8579
Telemetry [candidate] (7.869 ms) : 0, 7869
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (780.912 ms) : 0, 780912
BytebuddyAgent [candidate] (779.917 ms) : 0, 779917
GlobalTracer [baseline] (296.828 ms) : 0, 296828
GlobalTracer [candidate] (298.632 ms) : 0, 298632
AppSec [baseline] (49.014 ms) : 0, 49014
AppSec [candidate] (50.957 ms) : 0, 50957
IAST [baseline] (25.521 ms) : 0, 25521
IAST [candidate] (25.473 ms) : 0, 25473
Remote Config [baseline] (586.938 µs) : 0, 587
Remote Config [candidate] (585.824 µs) : 0, 586
Telemetry [baseline] (8.672 ms) : 0, 8672
Telemetry [candidate] (7.064 ms) : 0, 7064
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (778.943 ms) : 0, 778943
BytebuddyAgent [candidate] (783.886 ms) : 0, 783886
GlobalTracer [baseline] (296.547 ms) : 0, 296547
GlobalTracer [candidate] (298.504 ms) : 0, 298504
AppSec [baseline] (49.511 ms) : 0, 49511
AppSec [candidate] (50.695 ms) : 0, 50695
IAST [baseline] (24.604 ms) : 0, 24604
IAST [candidate] (24.982 ms) : 0, 24982
Remote Config [baseline] (638.274 µs) : 0, 638
Remote Config [candidate] (597.223 µs) : 0, 597
Telemetry [baseline] (7.109 ms) : 0, 7109
Telemetry [candidate] (6.826 ms) : 0, 6826

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2024-08-09T08:42:53	2024-08-09T08:49:41
git_branch	master	malvarez/waf-suspicious-request-blocking
git_commit_date	1723191704	1723192485
git_commit_sha	bb44d60	836a8c2
release_version	1.39.0-SNAPSHOT~bb44d60251	1.39.0-SNAPSHOT~836a8c2aac
start_time	2024-08-09T08:42:40	2024-08-09T08:49:28

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1723193725	1723193725
ci_job_id	599834329	599834329
ci_pipeline_id	41308916	41308916
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.331 ms) : 1313, 1350
.   : milestone, 1331,
appsec (1.7 ms) : 1675, 1724
.   : milestone, 1700,
appsec_no_iast (1.698 ms) : 1673, 1723
.   : milestone, 1698,
iast (1.47 ms) : 1448, 1493
.   : milestone, 1470,
profiling (1.523 ms) : 1497, 1549
.   : milestone, 1523,
tracing (1.47 ms) : 1445, 1494
.   : milestone, 1470,
section candidate
no_agent (1.344 ms) : 1324, 1363
.   : milestone, 1344,
appsec (1.702 ms) : 1678, 1727
.   : milestone, 1702,
appsec_no_iast (1.706 ms) : 1682, 1730
.   : milestone, 1706,
iast (1.494 ms) : 1471, 1516
.   : milestone, 1494,
profiling (1.485 ms) : 1461, 1509
.   : milestone, 1485,
tracing (1.455 ms) : 1430, 1479
.   : milestone, 1455,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.331 ms [1.313 ms, 1.35 ms]	-
appsec	1.7 ms [1.675 ms, 1.724 ms]	368.494 µs (27.7%)
appsec_no_iast	1.698 ms [1.673 ms, 1.723 ms]	366.294 µs (27.5%)
iast	1.47 ms [1.448 ms, 1.493 ms]	139.039 µs (10.4%)
profiling	1.523 ms [1.497 ms, 1.549 ms]	191.837 µs (14.4%)
tracing	1.47 ms [1.445 ms, 1.494 ms]	138.21 µs (10.4%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.344 ms [1.324 ms, 1.363 ms]	-
appsec	1.702 ms [1.678 ms, 1.727 ms]	358.79 µs (26.7%)
appsec_no_iast	1.706 ms [1.682 ms, 1.73 ms]	362.247 µs (27.0%)
iast	1.494 ms [1.471 ms, 1.516 ms]	150.042 µs (11.2%)
profiling	1.485 ms [1.461 ms, 1.509 ms]	141.436 µs (10.5%)
tracing	1.455 ms [1.43 ms, 1.479 ms]	111.343 µs (8.3%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251
    dateFormat X
    axisFormat %s
section baseline
no_agent (371.514 µs) : 352, 391
.   : milestone, 372,
iast (479.239 µs) : 458, 501
.   : milestone, 479,
iast_FULL (549.965 µs) : 527, 572
.   : milestone, 550,
iast_GLOBAL (504.843 µs) : 483, 527
.   : milestone, 505,
iast_HARDCODED_SECRET_DISABLED (479.271 µs) : 458, 500
.   : milestone, 479,
iast_INACTIVE (453.577 µs) : 431, 476
.   : milestone, 454,
iast_TELEMETRY_OFF (468.782 µs) : 448, 490
.   : milestone, 469,
tracing (442.928 µs) : 423, 463
.   : milestone, 443,
section candidate
no_agent (369.307 µs) : 349, 389
.   : milestone, 369,
iast (487.555 µs) : 466, 509
.   : milestone, 488,
iast_FULL (555.754 µs) : 534, 577
.   : milestone, 556,
iast_GLOBAL (506.169 µs) : 485, 528
.   : milestone, 506,
iast_HARDCODED_SECRET_DISABLED (481.279 µs) : 460, 503
.   : milestone, 481,
iast_INACTIVE (453.862 µs) : 433, 475
.   : milestone, 454,
iast_TELEMETRY_OFF (469.96 µs) : 449, 491
.   : milestone, 470,
tracing (444.851 µs) : 424, 466
.   : milestone, 445,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	371.514 µs [351.831 µs, 391.197 µs]	-
iast	479.239 µs [457.944 µs, 500.535 µs]	107.725 µs (29.0%)
iast_FULL	549.965 µs [527.457 µs, 572.473 µs]	178.451 µs (48.0%)
iast_GLOBAL	504.843 µs [483.105 µs, 526.58 µs]	133.329 µs (35.9%)
iast_HARDCODED_SECRET_DISABLED	479.271 µs [458.29 µs, 500.252 µs]	107.757 µs (29.0%)
iast_INACTIVE	453.577 µs [431.46 µs, 475.694 µs]	82.063 µs (22.1%)
iast_TELEMETRY_OFF	468.782 µs [447.536 µs, 490.027 µs]	97.268 µs (26.2%)
tracing	442.928 µs [422.512 µs, 463.343 µs]	71.414 µs (19.2%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	369.307 µs [349.299 µs, 389.315 µs]	-
iast	487.555 µs [466.271 µs, 508.839 µs]	118.248 µs (32.0%)
iast_FULL	555.754 µs [534.472 µs, 577.036 µs]	186.447 µs (50.5%)
iast_GLOBAL	506.169 µs [484.812 µs, 527.527 µs]	136.863 µs (37.1%)
iast_HARDCODED_SECRET_DISABLED	481.279 µs [459.803 µs, 502.755 µs]	111.972 µs (30.3%)
iast_INACTIVE	453.862 µs [432.753 µs, 474.972 µs]	84.556 µs (22.9%)
iast_TELEMETRY_OFF	469.96 µs [448.875 µs, 491.044 µs]	100.653 µs (27.3%)
tracing	444.851 µs [423.675 µs, 466.027 µs]	75.544 µs (20.5%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-suspicious-request-blocking
git_commit_date	1723191704	1723192485
git_commit_sha	bb44d60	836a8c2
release_version	1.39.0-SNAPSHOT~bb44d60251	1.39.0-SNAPSHOT~836a8c2aac

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1723194258	1723194258
ci_job_id	599834330	599834330
ci_pipeline_id	41308916	41308916
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.467 ms) : 1455, 1478
.   : milestone, 1467,
appsec (2.253 ms) : 2217, 2289
.   : milestone, 2253,
iast (1.979 ms) : 1937, 2021
.   : milestone, 1979,
iast_GLOBAL (2.03 ms) : 1987, 2073
.   : milestone, 2030,
profiling (1.868 ms) : 1833, 1904
.   : milestone, 1868,
tracing (1.845 ms) : 1812, 1878
.   : milestone, 1845,
section candidate
no_agent (1.47 ms) : 1458, 1481
.   : milestone, 1470,
appsec (2.231 ms) : 2195, 2266
.   : milestone, 2231,
iast (1.98 ms) : 1937, 2023
.   : milestone, 1980,
iast_GLOBAL (2.037 ms) : 1993, 2081
.   : milestone, 2037,
profiling (2.349 ms) : 2163, 2536
.   : milestone, 2349,
tracing (1.851 ms) : 1818, 1883
.   : milestone, 1851,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.467 ms [1.455 ms, 1.478 ms]	-
appsec	2.253 ms [2.217 ms, 2.289 ms]	785.988 µs (53.6%)
iast	1.979 ms [1.937 ms, 2.021 ms]	512.499 µs (34.9%)
iast_GLOBAL	2.03 ms [1.987 ms, 2.073 ms]	563.546 µs (38.4%)
profiling	1.868 ms [1.833 ms, 1.904 ms]	401.522 µs (27.4%)
tracing	1.845 ms [1.812 ms, 1.878 ms]	378.567 µs (25.8%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.47 ms [1.458 ms, 1.481 ms]	-
appsec	2.231 ms [2.195 ms, 2.266 ms]	760.746 µs (51.8%)
iast	1.98 ms [1.937 ms, 2.023 ms]	510.205 µs (34.7%)
iast_GLOBAL	2.037 ms [1.993 ms, 2.081 ms]	567.165 µs (38.6%)
profiling	2.349 ms [2.163 ms, 2.536 ms]	879.457 µs (59.8%)
tracing	1.851 ms [1.818 ms, 1.883 ms]	380.722 µs (25.9%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.39.0-SNAPSHOT~836a8c2aac, baseline=1.39.0-SNAPSHOT~bb44d60251
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.86 s) : 14860000, 14860000
.   : milestone, 14860000,
appsec (15.31 s) : 15310000, 15310000
.   : milestone, 15310000,
iast (18.687 s) : 18687000, 18687000
.   : milestone, 18687000,
iast_GLOBAL (18.064 s) : 18064000, 18064000
.   : milestone, 18064000,
profiling (15.444 s) : 15444000, 15444000
.   : milestone, 15444000,
tracing (15.14 s) : 15140000, 15140000
.   : milestone, 15140000,
section candidate
no_agent (15.027 s) : 15027000, 15027000
.   : milestone, 15027000,
appsec (15.179 s) : 15179000, 15179000
.   : milestone, 15179000,
iast (18.968 s) : 18968000, 18968000
.   : milestone, 18968000,
iast_GLOBAL (18.009 s) : 18009000, 18009000
.   : milestone, 18009000,
profiling (15.19 s) : 15190000, 15190000
.   : milestone, 15190000,
tracing (15.045 s) : 15045000, 15045000
.   : milestone, 15045000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.86 s [14.86 s, 14.86 s]	-
appsec	15.31 s [15.31 s, 15.31 s]	450.0 ms (3.0%)
iast	18.687 s [18.687 s, 18.687 s]	3.827 s (25.8%)
iast_GLOBAL	18.064 s [18.064 s, 18.064 s]	3.204 s (21.6%)
profiling	15.444 s [15.444 s, 15.444 s]	584.0 ms (3.9%)
tracing	15.14 s [15.14 s, 15.14 s]	280.0 ms (1.9%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.027 s [15.027 s, 15.027 s]	-
appsec	15.179 s [15.179 s, 15.179 s]	152.0 ms (1.0%)
iast	18.968 s [18.968 s, 18.968 s]	3.941 s (26.2%)
iast_GLOBAL	18.009 s [18.009 s, 18.009 s]	2.982 s (19.8%)
profiling	15.19 s [15.19 s, 15.19 s]	163.0 ms (1.1%)
tracing	15.045 s [15.045 s, 15.045 s]	18.0 ms (0.1%)