Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fingerprint support to the WAF (and libddwaf 11.0.0) #7436

Merged
merged 4 commits into from
Aug 28, 2024
Merged

Add fingerprint support to the WAF (and libddwaf 11.0.0) #7436

merged 4 commits into from
Aug 28, 2024

Conversation

manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Aug 14, 2024
edited by smola
Loading

What Does This Do

Adds support for attacker fingerprinting in the WAF according to the spec:

  • Include the new RC capabilities
  • Update to the last libddwaf version with the derivatives field.

Motivation

Attacker fingerprinting will benefit many different use cases both on the detection and protection side.

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-54547 APPSEC-54498

@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm waf Application Security Management (WAF) label Aug 14, 2024
@pr-commenter
Copy link

pr-commenter bot commented Aug 14, 2024
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-fingerprints-support
git_commit_date 1724838688 1724839017
git_commit_sha 8965c97 611b9e8
release_version 1.39.0-SNAPSHOT~8965c97c25 1.39.0-SNAPSHOT~611b9e80c0
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1724841250 1724841250
ci_job_id 619679306 619679306
ci_pipeline_id 43011035 43011035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.046 s) : 0, 1045708
Total [baseline] (10.37 s) : 0, 10369637
Agent [candidate] (1.049 s) : 0, 1049096
Total [candidate] (10.408 s) : 0, 10407886
section appsec
Agent [baseline] (1.174 s) : 0, 1173777
Total [baseline] (10.476 s) : 0, 10475877
Agent [candidate] (1.171 s) : 0, 1170502
Total [candidate] (10.441 s) : 0, 10440889
section iast
Agent [baseline] (1.182 s) : 0, 1182047
Total [baseline] (10.816 s) : 0, 10816159
Agent [candidate] (1.172 s) : 0, 1171575
Total [candidate] (10.88 s) : 0, 10880100
section profiling
Agent [baseline] (1.269 s) : 0, 1268970
Total [baseline] (10.634 s) : 0, 10633967
Agent [candidate] (1.253 s) : 0, 1253035
Total [candidate] (10.551 s) : 0, 10551457
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.046 s -
Agent appsec 1.174 s 128.07 ms (12.2%)
Agent iast 1.182 s 136.34 ms (13.0%)
Agent profiling 1.269 s 223.262 ms (21.4%)
Total tracing 10.37 s -
Total appsec 10.476 s 106.241 ms (1.0%)
Total iast 10.816 s 446.522 ms (4.3%)
Total profiling 10.634 s 264.33 ms (2.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.049 s -
Agent appsec 1.171 s 121.405 ms (11.6%)
Agent iast 1.172 s 122.479 ms (11.7%)
Agent profiling 1.253 s 203.939 ms (19.4%)
Total tracing 10.408 s -
Total appsec 10.441 s 33.002 ms (0.3%)
Total iast 10.88 s 472.214 ms (4.5%)
Total profiling 10.551 s 143.571 ms (1.4%) 
gantt
    title petclinic - break down per module: candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (666.829 ms) : 0, 666829
BytebuddyAgent [candidate] (668.866 ms) : 0, 668866
GlobalTracer [baseline] (306.147 ms) : 0, 306147
GlobalTracer [candidate] (306.846 ms) : 0, 306846
AppSec [baseline] (51.093 ms) : 0, 51093
AppSec [candidate] (51.545 ms) : 0, 51545
Remote Config [baseline] (663.842 µs) : 0, 664
Remote Config [candidate] (665.271 µs) : 0, 665
Telemetry [baseline] (7.438 ms) : 0, 7438
Telemetry [candidate] (7.594 ms) : 0, 7594
section appsec
BytebuddyAgent [baseline] (681.163 ms) : 0, 681163
BytebuddyAgent [candidate] (678.447 ms) : 0, 678447
GlobalTracer [baseline] (301.232 ms) : 0, 301232
GlobalTracer [candidate] (300.554 ms) : 0, 300554
AppSec [baseline] (160.122 ms) : 0, 160122
AppSec [candidate] (161.238 ms) : 0, 161238
Remote Config [baseline] (640.105 µs) : 0, 640
Remote Config [candidate] (643.419 µs) : 0, 643
Telemetry [baseline] (7.745 ms) : 0, 7745
Telemetry [candidate] (6.791 ms) : 0, 6791
IAST [baseline] (18.513 ms) : 0, 18513
IAST [candidate] (18.464 ms) : 0, 18464
section iast
BytebuddyAgent [baseline] (784.737 ms) : 0, 784737
BytebuddyAgent [candidate] (777.212 ms) : 0, 777212
GlobalTracer [baseline] (298.599 ms) : 0, 298599
GlobalTracer [candidate] (295.56 ms) : 0, 295560
AppSec [baseline] (49.293 ms) : 0, 49293
AppSec [candidate] (50.827 ms) : 0, 50827
Remote Config [baseline] (622.012 µs) : 0, 622
Remote Config [candidate] (614.862 µs) : 0, 615
Telemetry [baseline] (8.872 ms) : 0, 8872
Telemetry [candidate] (9.502 ms) : 0, 9502
IAST [baseline] (26.229 ms) : 0, 26229
IAST [candidate] (24.266 ms) : 0, 24266
section profiling
BytebuddyAgent [baseline] (677.055 ms) : 0, 677055
BytebuddyAgent [candidate] (666.78 ms) : 0, 666780
GlobalTracer [baseline] (395.222 ms) : 0, 395222
GlobalTracer [candidate] (391.243 ms) : 0, 391243
AppSec [baseline] (53.183 ms) : 0, 53183
AppSec [candidate] (52.545 ms) : 0, 52545
Remote Config [baseline] (694.066 µs) : 0, 694
Remote Config [candidate] (707.491 µs) : 0, 707
Telemetry [baseline] (7.513 ms) : 0, 7513
Telemetry [candidate] (7.339 ms) : 0, 7339
ProfilingAgent [baseline] (97.146 ms) : 0, 97146
ProfilingAgent [candidate] (96.864 ms) : 0, 96864
Profiling [baseline] (97.17 ms) : 0, 97170
Profiling [candidate] (96.888 ms) : 0, 96888
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.057 s) : 0, 1056667
Total [baseline] (8.563 s) : 0, 8563145
Agent [candidate] (1.046 s) : 0, 1046283
Total [candidate] (8.482 s) : 0, 8481889
section iast
Agent [baseline] (1.18 s) : 0, 1180076
Total [baseline] (8.991 s) : 0, 8991189
Agent [candidate] (1.179 s) : 0, 1179488
Total [candidate] (8.967 s) : 0, 8967118
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.182 s) : 0, 1182025
Total [baseline] (8.939 s) : 0, 8938747
Agent [candidate] (1.18 s) : 0, 1179616
Total [candidate] (8.924 s) : 0, 8924276
section iast_TELEMETRY_OFF
Agent [baseline] (1.179 s) : 0, 1178538
Total [baseline] (8.967 s) : 0, 8967077
Agent [candidate] (1.169 s) : 0, 1169232
Total [candidate] (8.962 s) : 0, 8962142
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.057 s -
Agent iast 1.18 s 123.409 ms (11.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.182 s 125.358 ms (11.9%)
Agent iast_TELEMETRY_OFF 1.179 s 121.871 ms (11.5%)
Total tracing 8.563 s -
Total iast 8.991 s 428.044 ms (5.0%)
Total iast_HARDCODED_SECRET_DISABLED 8.939 s 375.602 ms (4.4%)
Total iast_TELEMETRY_OFF 8.967 s 403.933 ms (4.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.046 s -
Agent iast 1.179 s 133.205 ms (12.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.18 s 133.333 ms (12.7%)
Agent iast_TELEMETRY_OFF 1.169 s 122.949 ms (11.8%)
Total tracing 8.482 s -
Total iast 8.967 s 485.229 ms (5.7%)
Total iast_HARDCODED_SECRET_DISABLED 8.924 s 442.387 ms (5.2%)
Total iast_TELEMETRY_OFF 8.962 s 480.253 ms (5.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (674.567 ms) : 0, 674567
BytebuddyAgent [candidate] (667.341 ms) : 0, 667341
GlobalTracer [baseline] (308.429 ms) : 0, 308429
GlobalTracer [candidate] (306.027 ms) : 0, 306027
AppSec [baseline] (51.699 ms) : 0, 51699
AppSec [candidate] (51.156 ms) : 0, 51156
Remote Config [baseline] (670.954 µs) : 0, 671
Remote Config [candidate] (669.27 µs) : 0, 669
Telemetry [baseline] (7.583 ms) : 0, 7583
Telemetry [candidate] (7.531 ms) : 0, 7531
section iast
BytebuddyAgent [baseline] (783.97 ms) : 0, 783970
BytebuddyAgent [candidate] (783.158 ms) : 0, 783158
GlobalTracer [baseline] (297.673 ms) : 0, 297673
GlobalTracer [candidate] (298.075 ms) : 0, 298075
AppSec [baseline] (50.231 ms) : 0, 50231
AppSec [candidate] (50.657 ms) : 0, 50657
Remote Config [baseline] (612.809 µs) : 0, 613
Remote Config [candidate] (608.96 µs) : 0, 609
Telemetry [baseline] (7.99 ms) : 0, 7990
Telemetry [candidate] (9.669 ms) : 0, 9669
IAST [baseline] (25.872 ms) : 0, 25872
IAST [candidate] (23.614 ms) : 0, 23614
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (785.542 ms) : 0, 785542
BytebuddyAgent [candidate] (782.683 ms) : 0, 782683
GlobalTracer [baseline] (298.27 ms) : 0, 298270
GlobalTracer [candidate] (298.151 ms) : 0, 298151
AppSec [baseline] (50.303 ms) : 0, 50303
AppSec [candidate] (48.377 ms) : 0, 48377
Remote Config [baseline] (580.235 µs) : 0, 580
Remote Config [candidate] (601.24 µs) : 0, 601
Telemetry [baseline] (7.169 ms) : 0, 7169
Telemetry [candidate] (10.224 ms) : 0, 10224
IAST [baseline] (26.397 ms) : 0, 26397
IAST [candidate] (25.882 ms) : 0, 25882
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (781.137 ms) : 0, 781137
BytebuddyAgent [candidate] (774.896 ms) : 0, 774896
GlobalTracer [baseline] (298.184 ms) : 0, 298184
GlobalTracer [candidate] (296.207 ms) : 0, 296207
AppSec [baseline] (49.451 ms) : 0, 49451
AppSec [candidate] (49.823 ms) : 0, 49823
Remote Config [baseline] (587.234 µs) : 0, 587
Remote Config [candidate] (578.299 µs) : 0, 578
Telemetry [baseline] (7.058 ms) : 0, 7058
Telemetry [candidate] (7.765 ms) : 0, 7765
IAST [baseline] (28.409 ms) : 0, 28409
IAST [candidate] (26.38 ms) : 0, 26380
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-08-28T10:06:53 2024-08-28T10:13:39
git_branch master malvarez/waf-fingerprints-support
git_commit_date 1724838688 1724839017
git_commit_sha 8965c97 611b9e8
release_version 1.39.0-SNAPSHOT~8965c97c25 1.39.0-SNAPSHOT~611b9e80c0
start_time 2024-08-28T10:06:39 2024-08-28T10:13:25
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1724840360 1724840360
ci_job_id 619679307 619679307
ci_pipeline_id 43011035 43011035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 8 metrics, 20 unstable metrics.

Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25
    dateFormat X
    axisFormat %s
section baseline
no_agent (362.962 µs) : 344, 382
.   : milestone, 363,
iast (476.236 µs) : 454, 499
.   : milestone, 476,
iast_FULL (548.357 µs) : 527, 570
.   : milestone, 548,
iast_GLOBAL (502.093 µs) : 480, 524
.   : milestone, 502,
iast_HARDCODED_SECRET_DISABLED (479.738 µs) : 458, 502
.   : milestone, 480,
iast_INACTIVE (434.746 µs) : 414, 455
.   : milestone, 435,
iast_TELEMETRY_OFF (464.838 µs) : 442, 487
.   : milestone, 465,
tracing (432.897 µs) : 412, 453
.   : milestone, 433,
section candidate
no_agent (362.315 µs) : 343, 382
.   : milestone, 362,
iast (475.267 µs) : 453, 498
.   : milestone, 475,
iast_FULL (540.278 µs) : 519, 562
.   : milestone, 540,
iast_GLOBAL (493.744 µs) : 472, 515
.   : milestone, 494,
iast_HARDCODED_SECRET_DISABLED (477.593 µs) : 455, 500
.   : milestone, 478,
iast_INACTIVE (441.427 µs) : 420, 463
.   : milestone, 441,
iast_TELEMETRY_OFF (469.657 µs) : 447, 492
.   : milestone, 470,
tracing (434.691 µs) : 414, 455
.   : milestone, 435,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 362.962 µs [343.605 µs, 382.319 µs] -
iast 476.236 µs [453.865 µs, 498.608 µs] 113.274 µs (31.2%)
iast_FULL 548.357 µs [527.202 µs, 569.512 µs] 185.395 µs (51.1%)
iast_GLOBAL 502.093 µs [480.158 µs, 524.028 µs] 139.131 µs (38.3%)
iast_HARDCODED_SECRET_DISABLED 479.738 µs [457.585 µs, 501.892 µs] 116.776 µs (32.2%)
iast_INACTIVE 434.746 µs [413.992 µs, 455.499 µs] 71.783 µs (19.8%)
iast_TELEMETRY_OFF 464.838 µs [442.409 µs, 487.266 µs] 101.875 µs (28.1%)
tracing 432.897 µs [412.299 µs, 453.495 µs] 69.934 µs (19.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 362.315 µs [342.948 µs, 381.683 µs] -
iast 475.267 µs [452.663 µs, 497.872 µs] 112.952 µs (31.2%)
iast_FULL 540.278 µs [519.041 µs, 561.514 µs] 177.962 µs (49.1%)
iast_GLOBAL 493.744 µs [472.458 µs, 515.03 µs] 131.428 µs (36.3%)
iast_HARDCODED_SECRET_DISABLED 477.593 µs [454.919 µs, 500.268 µs] 115.278 µs (31.8%)
iast_INACTIVE 441.427 µs [420.188 µs, 462.667 µs] 79.112 µs (21.8%)
iast_TELEMETRY_OFF 469.657 µs [447.252 µs, 492.061 µs] 107.341 µs (29.6%)
tracing 434.691 µs [414.309 µs, 455.072 µs] 72.376 µs (20.0%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.328 ms) : 1309, 1347
.   : milestone, 1328,
appsec (1.704 ms) : 1681, 1727
.   : milestone, 1704,
appsec_no_iast (1.716 ms) : 1692, 1740
.   : milestone, 1716,
iast (1.472 ms) : 1450, 1495
.   : milestone, 1472,
profiling (1.472 ms) : 1449, 1495
.   : milestone, 1472,
tracing (1.463 ms) : 1439, 1488
.   : milestone, 1463,
section candidate
no_agent (1.341 ms) : 1322, 1360
.   : milestone, 1341,
appsec (1.711 ms) : 1687, 1735
.   : milestone, 1711,
appsec_no_iast (1.719 ms) : 1693, 1744
.   : milestone, 1719,
iast (1.474 ms) : 1452, 1496
.   : milestone, 1474,
profiling (1.47 ms) : 1447, 1493
.   : milestone, 1470,
tracing (1.439 ms) : 1415, 1464
.   : milestone, 1439,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.328 ms [1.309 ms, 1.347 ms] -
appsec 1.704 ms [1.681 ms, 1.727 ms] 376.135 µs (28.3%)
appsec_no_iast 1.716 ms [1.692 ms, 1.74 ms] 387.931 µs (29.2%)
iast 1.472 ms [1.45 ms, 1.495 ms] 144.611 µs (10.9%)
profiling 1.472 ms [1.449 ms, 1.495 ms] 144.224 µs (10.9%)
tracing 1.463 ms [1.439 ms, 1.488 ms] 135.383 µs (10.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.341 ms [1.322 ms, 1.36 ms] -
appsec 1.711 ms [1.687 ms, 1.735 ms] 369.949 µs (27.6%)
appsec_no_iast 1.719 ms [1.693 ms, 1.744 ms] 377.846 µs (28.2%)
iast 1.474 ms [1.452 ms, 1.496 ms] 133.28 µs (9.9%)
profiling 1.47 ms [1.447 ms, 1.493 ms] 129.139 µs (9.6%)
tracing 1.439 ms [1.415 ms, 1.464 ms] 98.634 µs (7.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-fingerprints-support
git_commit_date 1724838688 1724839017
git_commit_sha 8965c97 611b9e8
release_version 1.39.0-SNAPSHOT~8965c97c25 1.39.0-SNAPSHOT~611b9e80c0
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1724840872 1724840872
ci_job_id 619679308 619679308
ci_pipeline_id 43011035 43011035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.458 ms) : 1447, 1470
.   : milestone, 1458,
appsec (2.23 ms) : 2195, 2265
.   : milestone, 2230,
iast (1.968 ms) : 1925, 2010
.   : milestone, 1968,
iast_GLOBAL (2.026 ms) : 1982, 2070
.   : milestone, 2026,
profiling (1.862 ms) : 1826, 1897
.   : milestone, 1862,
tracing (1.83 ms) : 1797, 1862
.   : milestone, 1830,
section candidate
no_agent (1.462 ms) : 1450, 1474
.   : milestone, 1462,
appsec (2.232 ms) : 2197, 2268
.   : milestone, 2232,
iast (1.967 ms) : 1925, 2009
.   : milestone, 1967,
iast_GLOBAL (2.019 ms) : 1975, 2063
.   : milestone, 2019,
profiling (1.863 ms) : 1830, 1897
.   : milestone, 1863,
tracing (1.842 ms) : 1809, 1875
.   : milestone, 1842,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.458 ms [1.447 ms, 1.47 ms] -
appsec 2.23 ms [2.195 ms, 2.265 ms] 771.685 µs (52.9%)
iast 1.968 ms [1.925 ms, 2.01 ms] 509.22 µs (34.9%)
iast_GLOBAL 2.026 ms [1.982 ms, 2.07 ms] 567.575 µs (38.9%)
profiling 1.862 ms [1.826 ms, 1.897 ms] 403.204 µs (27.6%)
tracing 1.83 ms [1.797 ms, 1.862 ms] 371.019 µs (25.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.462 ms [1.45 ms, 1.474 ms] -
appsec 2.232 ms [2.197 ms, 2.268 ms] 770.441 µs (52.7%)
iast 1.967 ms [1.925 ms, 2.009 ms] 505.046 µs (34.5%)
iast_GLOBAL 2.019 ms [1.975 ms, 2.063 ms] 556.89 µs (38.1%)
profiling 1.863 ms [1.83 ms, 1.897 ms] 401.403 µs (27.5%)
tracing 1.842 ms [1.809 ms, 1.875 ms] 380.203 µs (26.0%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.39.0-SNAPSHOT~611b9e80c0, baseline=1.39.0-SNAPSHOT~8965c97c25
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.059 s) : 15059000, 15059000
.   : milestone, 15059000,
appsec (15.194 s) : 15194000, 15194000
.   : milestone, 15194000,
iast (18.707 s) : 18707000, 18707000
.   : milestone, 18707000,
iast_GLOBAL (18.084 s) : 18084000, 18084000
.   : milestone, 18084000,
profiling (14.835 s) : 14835000, 14835000
.   : milestone, 14835000,
tracing (15.227 s) : 15227000, 15227000
.   : milestone, 15227000,
section candidate
no_agent (15.028 s) : 15028000, 15028000
.   : milestone, 15028000,
appsec (15.13 s) : 15130000, 15130000
.   : milestone, 15130000,
iast (18.669 s) : 18669000, 18669000
.   : milestone, 18669000,
iast_GLOBAL (17.973 s) : 17973000, 17973000
.   : milestone, 17973000,
profiling (15.892 s) : 15892000, 15892000
.   : milestone, 15892000,
tracing (14.954 s) : 14954000, 14954000
.   : milestone, 14954000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.059 s [15.059 s, 15.059 s] -
appsec 15.194 s [15.194 s, 15.194 s] 135.0 ms (0.9%)
iast 18.707 s [18.707 s, 18.707 s] 3.648 s (24.2%)
iast_GLOBAL 18.084 s [18.084 s, 18.084 s] 3.025 s (20.1%)
profiling 14.835 s [14.835 s, 14.835 s] -224.0 ms (-1.5%)
tracing 15.227 s [15.227 s, 15.227 s] 168.0 ms (1.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.028 s [15.028 s, 15.028 s] -
appsec 15.13 s [15.13 s, 15.13 s] 102.0 ms (0.7%)
iast 18.669 s [18.669 s, 18.669 s] 3.641 s (24.2%)
iast_GLOBAL 17.973 s [17.973 s, 17.973 s] 2.945 s (19.6%)
profiling 15.892 s [15.892 s, 15.892 s] 864.0 ms (5.7%)
tracing 14.954 s [14.954 s, 14.954 s] -74.0 ms (-0.5%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-fingerprints-support branch 2 times, most recently from 2f7dd1f to 60b4e4e Compare August 16, 2024 08:58
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review August 16, 2024 08:58
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested review from a team as code owners August 16, 2024 08:58
jandro996
jandro996 reviewed Aug 20, 2024
View reviewed changes
...appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy
| CAPABILITY_ASM_RASP_SQLI)
| CAPABILITY_ASM_RASP_SQLI
| CAPABILITY_ENDPOINT_FINGERPRINT
// | CAPABILITY_ASM_SESSION_FINGERPRINT
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leftovers?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it's another capability that will be added in the next PR

jandro996
jandro996 reviewed Aug 20, 2024
View reviewed changes
...appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy
| CAPABILITY_ASM_RASP_SQLI)
| CAPABILITY_ASM_RASP_SQLI
| CAPABILITY_ENDPOINT_FINGERPRINT
// | CAPABILITY_ASM_SESSION_FINGERPRINT
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leftovers?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as before.

jandro996
jandro996 approved these changes Aug 20, 2024
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! check my comments related with Leftovers

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-fingerprints-support branch 2 times, most recently from 00650db to a4c21c0 Compare August 27, 2024 13:19
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/waf-fingerprints-support branch from a4c21c0 to 611b9e8 Compare August 28, 2024 09:57
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 01d9133 into master Aug 28, 2024
90 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/waf-fingerprints-support branch August 28, 2024 11:50
@github-actions github-actions bot added this to the 1.39.0 milestone Aug 28, 2024
@smola smola changed the title Add fingerprint support to the WAF Add fingerprint support to the WAF (and libddwaf 11.0.0) Oct 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@jandro996 jandro996 jandro996 approved these changes

@PerfectSlayer PerfectSlayer Awaiting requested review from PerfectSlayer PerfectSlayer is a code owner automatically assigned from DataDog/apm-java

@nayeem-kamal nayeem-kamal Awaiting requested review from nayeem-kamal nayeem-kamal is a code owner automatically assigned from DataDog/apm-java

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF)
Projects
None yet
Milestone
1.39.0
Development

Successfully merging this pull request may close these issues.
3 participants
@manuel-alvarez-alvarez @smola @jandro996