Skip to content

Add directory listing support to WEBLOGIC, WEBSPHERE and JETTY #6871

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 18, 2024
Merged

Add directory listing support to WEBLOGIC, WEBSPHERE and JETTY #6871

merged 3 commits into from
Apr 18, 2024

Conversation

@jandro996
Copy link
Member

@jandro996 jandro996 commented Apr 3, 2024
edited by Julio-Guerra
Loading

What Does This Do

Report Directory listing leak when:

  • <param-name>dirAllowed</param-name> is present in web.xml file (Jetty Servers)
  • <index-directory-enabled>true</index-directory-enabled> is present in weblogic.xml (WebLogic Servers)
  • directoryBrowsingEnabled="true" is present in ibm-web-ext.xmi (WebSphere Servers)
  • <enable-directory-browsing value="true"/> is present in ibm-web-ext.xml (WebSphere Servers)

Motivation

Report directory listing leak if directory listing is is enabled in:

  • Jetty servers configuring web.xml file
  • WebLogic servers configuring weblogic.xml file
  • WebSphere servers configuring ibm-web-ext.xmi or ibm-web-ext.xml file

Additional Notes

Jira ticket: APPSEC-52549

@pr-commenter
Copy link

pr-commenter bot commented Apr 3, 2024
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/IW_directory_listing_improve
git_commit_date 1713358531 1713420093
git_commit_sha 91854ff adf0118
release_version 1.33.0-SNAPSHOT~91854ffed0 1.33.0-SNAPSHOT~adf0118824
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1713422730 1713422730
ci_job_id 489987092 489987092
ci_pipeline_id 32366205 32366205
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 48 metrics, 13 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:iast:AppSec better
[-7.335ms; -2.472ms] or [-13.881%; -4.677%]		 47.939ms 52.843ms
scenario:startup:petclinic:iast:Remote Config worse
[+12.651µs; +50.541µs] or [+2.263%; +9.039%]		 590.742µs 559.146µs
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.083 s) : 0, 1082558
Total [baseline] (10.423 s) : 0, 10422527
Agent [candidate] (1.079 s) : 0, 1078946
Total [candidate] (10.365 s) : 0, 10364560
section appsec
Agent [baseline] (1.192 s) : 0, 1191839
Total [baseline] (10.556 s) : 0, 10556251
Agent [candidate] (1.204 s) : 0, 1203894
Total [candidate] (10.561 s) : 0, 10560657
section iast
Agent [baseline] (1.2 s) : 0, 1199940
Total [baseline] (10.741 s) : 0, 10741167
Agent [candidate] (1.201 s) : 0, 1200862
Total [candidate] (10.796 s) : 0, 10796014
section profiling
Agent [baseline] (1.272 s) : 0, 1272171
Total [baseline] (10.626 s) : 0, 10625761
Agent [candidate] (1.268 s) : 0, 1268084
Total [candidate] (10.645 s) : 0, 10645330
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent appsec 1.192 s 109.281 ms (10.1%)
Agent iast 1.2 s 117.382 ms (10.8%)
Agent profiling 1.272 s 189.612 ms (17.5%)
Total tracing 10.423 s -
Total appsec 10.556 s 133.724 ms (1.3%)
Total iast 10.741 s 318.641 ms (3.1%)
Total profiling 10.626 s 203.234 ms (1.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.079 s -
Agent appsec 1.204 s 124.948 ms (11.6%)
Agent iast 1.201 s 121.916 ms (11.3%)
Agent profiling 1.268 s 189.138 ms (17.5%)
Total tracing 10.365 s -
Total appsec 10.561 s 196.098 ms (1.9%)
Total iast 10.796 s 431.455 ms (4.2%)
Total profiling 10.645 s 280.771 ms (2.7%) 
gantt
    title petclinic - break down per module: candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (678.039 ms) : 0, 678039
BytebuddyAgent [candidate] (675.463 ms) : 0, 675463
GlobalTracer [baseline] (311.637 ms) : 0, 311637
GlobalTracer [candidate] (310.794 ms) : 0, 310794
AppSec [baseline] (49.975 ms) : 0, 49975
AppSec [candidate] (49.79 ms) : 0, 49790
Remote Config [baseline] (656.551 µs) : 0, 657
Remote Config [candidate] (661.81 µs) : 0, 662
Telemetry [baseline] (7.6 ms) : 0, 7600
Telemetry [candidate] (7.669 ms) : 0, 7669
section appsec
BytebuddyAgent [baseline] (697.343 ms) : 0, 697343
BytebuddyAgent [candidate] (704.902 ms) : 0, 704902
GlobalTracer [baseline] (291.969 ms) : 0, 291969
GlobalTracer [candidate] (295.341 ms) : 0, 295341
AppSec [baseline] (150.142 ms) : 0, 150142
AppSec [candidate] (150.529 ms) : 0, 150529
IAST [baseline] (19.002 ms) : 0, 19002
IAST [candidate] (19.336 ms) : 0, 19336
Remote Config [baseline] (625.139 µs) : 0, 625
Remote Config [candidate] (633.359 µs) : 0, 633
Telemetry [baseline] (7.831 ms) : 0, 7831
Telemetry [candidate] (7.947 ms) : 0, 7947
section iast
BytebuddyAgent [baseline] (795.451 ms) : 0, 795451
BytebuddyAgent [candidate] (794.961 ms) : 0, 794961
GlobalTracer [baseline] (288.681 ms) : 0, 288681
GlobalTracer [candidate] (288.555 ms) : 0, 288555
AppSec [baseline] (52.843 ms) : 0, 52843
AppSec [candidate] (47.939 ms) : 0, 47939
IAST [baseline] (21.363 ms) : 0, 21363
IAST [candidate] (23.987 ms) : 0, 23987
Remote Config [baseline] (559.146 µs) : 0, 559
Remote Config [candidate] (590.742 µs) : 0, 591
Telemetry [baseline] (6.613 ms) : 0, 6613
Telemetry [candidate] (10.39 ms) : 0, 10390
section profiling
BytebuddyAgent [baseline] (679.839 ms) : 0, 679839
BytebuddyAgent [candidate] (677.169 ms) : 0, 677169
GlobalTracer [baseline] (381.112 ms) : 0, 381112
GlobalTracer [candidate] (380.293 ms) : 0, 380293
AppSec [baseline] (50.29 ms) : 0, 50290
AppSec [candidate] (50.502 ms) : 0, 50502
Remote Config [baseline] (718.004 µs) : 0, 718
Remote Config [candidate] (721.363 µs) : 0, 721
Telemetry [baseline] (7.516 ms) : 0, 7516
Telemetry [candidate] (7.429 ms) : 0, 7429
ProfilingAgent [baseline] (96.122 ms) : 0, 96122
ProfilingAgent [candidate] (95.642 ms) : 0, 95642
Profiling [baseline] (96.146 ms) : 0, 96146
Profiling [candidate] (95.666 ms) : 0, 95666
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.083 s) : 0, 1082621
Total [baseline] (8.578 s) : 0, 8577752
Agent [candidate] (1.075 s) : 0, 1075364
Total [candidate] (8.592 s) : 0, 8592225
section iast
Agent [baseline] (1.224 s) : 0, 1224444
Total [baseline] (9.071 s) : 0, 9070978
Agent [candidate] (1.197 s) : 0, 1197300
Total [candidate] (9.022 s) : 0, 9021852
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.206 s) : 0, 1206025
Total [baseline] (8.999 s) : 0, 8998837
Agent [candidate] (1.201 s) : 0, 1201284
Total [candidate] (8.984 s) : 0, 8983570
section iast_TELEMETRY_OFF
Agent [baseline] (1.194 s) : 0, 1194358
Total [baseline] (8.993 s) : 0, 8992607
Agent [candidate] (1.204 s) : 0, 1203603
Total [candidate] (9.013 s) : 0, 9013385
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent iast 1.224 s 141.822 ms (13.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.206 s 123.404 ms (11.4%)
Agent iast_TELEMETRY_OFF 1.194 s 111.736 ms (10.3%)
Total tracing 8.578 s -
Total iast 9.071 s 493.226 ms (5.8%)
Total iast_HARDCODED_SECRET_DISABLED 8.999 s 421.084 ms (4.9%)
Total iast_TELEMETRY_OFF 8.993 s 414.855 ms (4.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent iast 1.197 s 121.936 ms (11.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.201 s 125.92 ms (11.7%)
Agent iast_TELEMETRY_OFF 1.204 s 128.239 ms (11.9%)
Total tracing 8.592 s -
Total iast 9.022 s 429.627 ms (5.0%)
Total iast_HARDCODED_SECRET_DISABLED 8.984 s 391.345 ms (4.6%)
Total iast_TELEMETRY_OFF 9.013 s 421.16 ms (4.9%) 
gantt
    title insecure-bank - break down per module: candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (677.995 ms) : 0, 677995
BytebuddyAgent [candidate] (673.359 ms) : 0, 673359
GlobalTracer [baseline] (311.541 ms) : 0, 311541
GlobalTracer [candidate] (309.714 ms) : 0, 309714
AppSec [baseline] (50.152 ms) : 0, 50152
AppSec [candidate] (49.709 ms) : 0, 49709
Remote Config [baseline] (671.722 µs) : 0, 672
Remote Config [candidate] (668.126 µs) : 0, 668
Telemetry [baseline] (7.73 ms) : 0, 7730
Telemetry [candidate] (7.549 ms) : 0, 7549
section iast
BytebuddyAgent [baseline] (812.227 ms) : 0, 812227
BytebuddyAgent [candidate] (793.104 ms) : 0, 793104
GlobalTracer [baseline] (293.76 ms) : 0, 293760
GlobalTracer [candidate] (288.122 ms) : 0, 288122
AppSec [baseline] (52.613 ms) : 0, 52613
AppSec [candidate] (49.613 ms) : 0, 49613
IAST [baseline] (22.6 ms) : 0, 22600
IAST [candidate] (24.827 ms) : 0, 24827
Remote Config [baseline] (581.681 µs) : 0, 582
Remote Config [candidate] (576.738 µs) : 0, 577
Telemetry [baseline] (7.517 ms) : 0, 7517
Telemetry [candidate] (6.636 ms) : 0, 6636
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (799.469 ms) : 0, 799469
BytebuddyAgent [candidate] (795.252 ms) : 0, 795252
GlobalTracer [baseline] (289.497 ms) : 0, 289497
GlobalTracer [candidate] (289.25 ms) : 0, 289250
AppSec [baseline] (50.676 ms) : 0, 50676
AppSec [candidate] (48.69 ms) : 0, 48690
IAST [baseline] (23.038 ms) : 0, 23038
IAST [candidate] (26.384 ms) : 0, 26384
Remote Config [baseline] (587.925 µs) : 0, 588
Remote Config [candidate] (575.343 µs) : 0, 575
Telemetry [baseline] (8.2 ms) : 0, 8200
Telemetry [candidate] (6.632 ms) : 0, 6632
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (791.172 ms) : 0, 791172
BytebuddyAgent [candidate] (796.888 ms) : 0, 796888
GlobalTracer [baseline] (287.897 ms) : 0, 287897
GlobalTracer [candidate] (290.199 ms) : 0, 290199
AppSec [baseline] (49.899 ms) : 0, 49899
AppSec [candidate] (48.861 ms) : 0, 48861
IAST [baseline] (23.928 ms) : 0, 23928
IAST [candidate] (25.099 ms) : 0, 25099
Remote Config [baseline] (568.278 µs) : 0, 568
Remote Config [candidate] (584.814 µs) : 0, 585
Telemetry [baseline] (6.572 ms) : 0, 6572
Telemetry [candidate] (7.318 ms) : 0, 7318
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-04-18T06:16:10 2024-04-18T06:22:54
git_branch master alejandro.gonzalez/IW_directory_listing_improve
git_commit_date 1713358531 1713420093
git_commit_sha 91854ff adf0118
release_version 1.33.0-SNAPSHOT~91854ffed0 1.33.0-SNAPSHOT~adf0118824
start_time 2024-04-18T06:15:57 2024-04-18T06:22:41
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1713421716 1713421716
ci_job_id 489987093 489987093
ci_pipeline_id 32366205 32366205
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0
    dateFormat X
    axisFormat %s
section baseline
no_agent (363.14 µs) : 344, 383
.   : milestone, 363,
iast (465.487 µs) : 445, 486
.   : milestone, 465,
iast_FULL (529.675 µs) : 509, 550
.   : milestone, 530,
iast_GLOBAL (488.531 µs) : 467, 510
.   : milestone, 489,
iast_HARDCODED_SECRET_DISABLED (464.865 µs) : 444, 486
.   : milestone, 465,
iast_INACTIVE (442.576 µs) : 422, 463
.   : milestone, 443,
iast_TELEMETRY_OFF (460.791 µs) : 441, 481
.   : milestone, 461,
tracing (439.592 µs) : 419, 461
.   : milestone, 440,
section candidate
no_agent (359.389 µs) : 340, 379
.   : milestone, 359,
iast (466.005 µs) : 445, 487
.   : milestone, 466,
iast_FULL (534.808 µs) : 514, 556
.   : milestone, 535,
iast_GLOBAL (493.186 µs) : 472, 515
.   : milestone, 493,
iast_HARDCODED_SECRET_DISABLED (468.431 µs) : 447, 490
.   : milestone, 468,
iast_INACTIVE (442.376 µs) : 422, 463
.   : milestone, 442,
iast_TELEMETRY_OFF (460.505 µs) : 440, 481
.   : milestone, 461,
tracing (442.235 µs) : 421, 463
.   : milestone, 442,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 363.14 µs [343.629 µs, 382.652 µs] -
iast 465.487 µs [444.686 µs, 486.287 µs] 102.346 µs (28.2%)
iast_FULL 529.675 µs [509.06 µs, 550.291 µs] 166.535 µs (45.9%)
iast_GLOBAL 488.531 µs [467.36 µs, 509.703 µs] 125.391 µs (34.5%)
iast_HARDCODED_SECRET_DISABLED 464.865 µs [443.926 µs, 485.804 µs] 101.724 µs (28.0%)
iast_INACTIVE 442.576 µs [421.843 µs, 463.31 µs] 79.436 µs (21.9%)
iast_TELEMETRY_OFF 460.791 µs [440.557 µs, 481.025 µs] 97.65 µs (26.9%)
tracing 439.592 µs [418.585 µs, 460.6 µs] 76.452 µs (21.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 359.389 µs [339.831 µs, 378.946 µs] -
iast 466.005 µs [445.303 µs, 486.708 µs] 106.617 µs (29.7%)
iast_FULL 534.808 µs [513.647 µs, 555.97 µs] 175.42 µs (48.8%)
iast_GLOBAL 493.186 µs [471.572 µs, 514.801 µs] 133.798 µs (37.2%)
iast_HARDCODED_SECRET_DISABLED 468.431 µs [446.956 µs, 489.906 µs] 109.042 µs (30.3%)
iast_INACTIVE 442.376 µs [421.541 µs, 463.21 µs] 82.987 µs (23.1%)
iast_TELEMETRY_OFF 460.505 µs [440.14 µs, 480.871 µs] 101.117 µs (28.1%)
tracing 442.235 µs [421.211 µs, 463.258 µs] 82.846 µs (23.1%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.34 ms) : 1319, 1361
.   : milestone, 1340,
appsec (1.7 ms) : 1676, 1724
.   : milestone, 1700,
appsec_no_iast (1.695 ms) : 1670, 1720
.   : milestone, 1695,
iast (1.482 ms) : 1459, 1504
.   : milestone, 1482,
profiling (1.472 ms) : 1447, 1497
.   : milestone, 1472,
tracing (1.458 ms) : 1433, 1482
.   : milestone, 1458,
section candidate
no_agent (1.338 ms) : 1320, 1357
.   : milestone, 1338,
appsec (1.701 ms) : 1676, 1725
.   : milestone, 1701,
appsec_no_iast (1.696 ms) : 1671, 1720
.   : milestone, 1696,
iast (1.484 ms) : 1461, 1507
.   : milestone, 1484,
profiling (1.51 ms) : 1485, 1536
.   : milestone, 1510,
tracing (1.477 ms) : 1452, 1501
.   : milestone, 1477,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.34 ms [1.319 ms, 1.361 ms] -
appsec 1.7 ms [1.676 ms, 1.724 ms] 359.619 µs (26.8%)
appsec_no_iast 1.695 ms [1.67 ms, 1.72 ms] 355.219 µs (26.5%)
iast 1.482 ms [1.459 ms, 1.504 ms] 141.484 µs (10.6%)
profiling 1.472 ms [1.447 ms, 1.497 ms] 131.916 µs (9.8%)
tracing 1.458 ms [1.433 ms, 1.482 ms] 117.461 µs (8.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.338 ms [1.32 ms, 1.357 ms] -
appsec 1.701 ms [1.676 ms, 1.725 ms] 362.139 µs (27.1%)
appsec_no_iast 1.696 ms [1.671 ms, 1.72 ms] 357.091 µs (26.7%)
iast 1.484 ms [1.461 ms, 1.507 ms] 145.727 µs (10.9%)
profiling 1.51 ms [1.485 ms, 1.536 ms] 171.736 µs (12.8%)
tracing 1.477 ms [1.452 ms, 1.501 ms] 138.035 µs (10.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/IW_directory_listing_improve
git_commit_date 1713358531 1713420093
git_commit_sha 91854ff adf0118
release_version 1.33.0-SNAPSHOT~91854ffed0 1.33.0-SNAPSHOT~adf0118824
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1713422211 1713422211
ci_job_id 489987094 489987094
ci_pipeline_id 32366205 32366205
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.453 ms) : 1442, 1465
.   : milestone, 1453,
appsec (2.19 ms) : 2157, 2224
.   : milestone, 2190,
iast (1.859 ms) : 1824, 1893
.   : milestone, 1859,
iast_GLOBAL (1.898 ms) : 1864, 1933
.   : milestone, 1898,
profiling (1.828 ms) : 1796, 1861
.   : milestone, 1828,
tracing (1.82 ms) : 1789, 1852
.   : milestone, 1820,
section candidate
no_agent (1.453 ms) : 1442, 1465
.   : milestone, 1453,
appsec (2.182 ms) : 2149, 2216
.   : milestone, 2182,
iast (1.874 ms) : 1839, 1909
.   : milestone, 1874,
iast_GLOBAL (1.9 ms) : 1866, 1934
.   : milestone, 1900,
profiling (1.833 ms) : 1800, 1865
.   : milestone, 1833,
tracing (1.82 ms) : 1788, 1851
.   : milestone, 1820,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.453 ms [1.442 ms, 1.465 ms] -
appsec 2.19 ms [2.157 ms, 2.224 ms] 736.668 µs (50.7%)
iast 1.859 ms [1.824 ms, 1.893 ms] 405.205 µs (27.9%)
iast_GLOBAL 1.898 ms [1.864 ms, 1.933 ms] 444.771 µs (30.6%)
profiling 1.828 ms [1.796 ms, 1.861 ms] 374.932 µs (25.8%)
tracing 1.82 ms [1.789 ms, 1.852 ms] 366.906 µs (25.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.453 ms [1.442 ms, 1.465 ms] -
appsec 2.182 ms [2.149 ms, 2.216 ms] 729.206 µs (50.2%)
iast 1.874 ms [1.839 ms, 1.909 ms] 421.007 µs (29.0%)
iast_GLOBAL 1.9 ms [1.866 ms, 1.934 ms] 446.859 µs (30.7%)
profiling 1.833 ms [1.8 ms, 1.865 ms] 379.596 µs (26.1%)
tracing 1.82 ms [1.788 ms, 1.851 ms] 366.433 µs (25.2%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.33.0-SNAPSHOT~adf0118824, baseline=1.33.0-SNAPSHOT~91854ffed0
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.02 s) : 15020000, 15020000
.   : milestone, 15020000,
appsec (15.195 s) : 15195000, 15195000
.   : milestone, 15195000,
iast (18.678 s) : 18678000, 18678000
.   : milestone, 18678000,
iast_GLOBAL (17.961 s) : 17961000, 17961000
.   : milestone, 17961000,
profiling (15.035 s) : 15035000, 15035000
.   : milestone, 15035000,
tracing (14.785 s) : 14785000, 14785000
.   : milestone, 14785000,
section candidate
no_agent (15.0 s) : 15000000, 15000000
.   : milestone, 15000000,
appsec (14.796 s) : 14796000, 14796000
.   : milestone, 14796000,
iast (18.546 s) : 18546000, 18546000
.   : milestone, 18546000,
iast_GLOBAL (17.921 s) : 17921000, 17921000
.   : milestone, 17921000,
profiling (15.38 s) : 15380000, 15380000
.   : milestone, 15380000,
tracing (15.263 s) : 15263000, 15263000
.   : milestone, 15263000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.02 s [15.02 s, 15.02 s] -
appsec 15.195 s [15.195 s, 15.195 s] 175.0 ms (1.2%)
iast 18.678 s [18.678 s, 18.678 s] 3.658 s (24.4%)
iast_GLOBAL 17.961 s [17.961 s, 17.961 s] 2.941 s (19.6%)
profiling 15.035 s [15.035 s, 15.035 s] 15.0 ms (0.1%)
tracing 14.785 s [14.785 s, 14.785 s] -235.0 ms (-1.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.0 s [15.0 s, 15.0 s] -
appsec 14.796 s [14.796 s, 14.796 s] -204.0 ms (-1.4%)
iast 18.546 s [18.546 s, 18.546 s] 3.546 s (23.6%)
iast_GLOBAL 17.921 s [17.921 s, 17.921 s] 2.921 s (19.5%)
profiling 15.38 s [15.38 s, 15.38 s] 380.0 ms (2.5%)
tracing 15.263 s [15.263 s, 15.263 s] 263.0 ms (1.8%)

@jandro996 jandro996 force-pushed the alejandro.gonzalez/IW_directory_listing_improve branch from afe24a6 to 512b4cb Compare April 10, 2024 06:12
@jandro996 jandro996 changed the base branch from master to alejandro.gonzalez/IW_admin_console_active_improve April 10, 2024 06:12
@jandro996 jandro996 changed the title Add directory listing WEBLOGIC and WEBSPHERE support Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY Apr 10, 2024
@jandro996 jandro996 force-pushed the alejandro.gonzalez/IW_directory_listing_improve branch from d2bb519 to 7a54b98 Compare April 10, 2024 06:21
@jandro996 jandro996 changed the title Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY IW - II - Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY Apr 10, 2024
@smola smola added comp: asm iast Application Security Management (IAST) R&D labels Apr 15, 2024
@jandro996 jandro996 force-pushed the alejandro.gonzalez/IW_admin_console_active_improve branch 2 times, most recently from 20c9efd to cbeea3a Compare April 16, 2024 11:24
Base automatically changed from alejandro.gonzalez/IW_admin_console_active_improve to master April 16, 2024 12:25
@jandro996 jandro996 force-pushed the alejandro.gonzalez/IW_directory_listing_improve branch from 7a54b98 to 82b29ef Compare April 16, 2024 15:49
@jandro996 jandro996 force-pushed the alejandro.gonzalez/IW_directory_listing_improve branch from ac1b217 to 231e977 Compare April 16, 2024 15:57
@jandro996 jandro996 changed the title IW - II - Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY Apr 16, 2024
@jandro996 jandro996 changed the title Add directory listing suppport to WEBLOGIC, WEBSPHERE and JETTY Add directory listing support to WEBLOGIC, WEBSPHERE and JETTY Apr 16, 2024
@jandro996 jandro996 marked this pull request as ready for review April 16, 2024 16:30
@jandro996 jandro996 requested a review from a team as a code owner April 16, 2024 16:30
@jandro996 jandro996 merged commit 652193c into master Apr 18, 2024
@jandro996 jandro996 deleted the alejandro.gonzalez/IW_directory_listing_improve branch April 18, 2024 08:36
@github-actions github-actions bot added this to the 1.33.0 milestone Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@ValentinZakharov ValentinZakharov Awaiting requested review from ValentinZakharov ValentinZakharov is a code owner automatically assigned from DataDog/asm-java

Assignees

No one assigned

Labels

comp: asm iast Application Security Management (IAST)

Projects

None yet

Milestone

1.33.0

Development

Successfully merging this pull request may close these issues.

4 participants

@jandro996 @smola @manuel-alvarez-alvarez