Skip to content

Libddwaf upgrade to 17.1.0 #9486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Oct 8, 2025
Merged

Libddwaf upgrade to 17.1.0 #9486

merged 15 commits into from
Oct 8, 2025
+238 −186

Conversation

@sezen-datadog
Copy link
Contributor

@sezen-datadog sezen-datadog commented Sep 8, 2025
edited
Loading

What Does This Do

small upgrade for waf on the libddwaf side, the new version of libddwaf allows for us to remove the earlier custom implementation of json parsing (numbers were parsed to double which the waf rejected, there is no longer an issue with this) and bug fixes to trace tagging (sampling priority fix) + enhancement of smoke tests

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-58796

@sezen-datadog sezen-datadog requested a review from a team as a code owner September 8, 2025 08:23
@sezen-datadog sezen-datadog added the comp: asm waf Application Security Management (WAF) label Sep 8, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 8, 2025
edited
Loading

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

sezen-datadog
sezen-datadog commented Sep 8, 2025
View reviewed changes
dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java

private static final JsonAdapter<List<WAFResultData>> RES_JSON_ADAPTER;

private static final Map<String, ActionInfo> DEFAULT_ACTIONS;
Copy link
Contributor Author

@sezen-datadog sezen-datadog Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dead code

@sezen-datadog sezen-datadog added the type: enhancement Enhancements and improvements label Sep 8, 2025
@sezen-datadog sezen-datadog marked this pull request as draft September 8, 2025 08:48
@datadog-official
Copy link

datadog-official bot commented Sep 11, 2025
edited by datadog-datadog-prod-us1 bot
Loading

🎯 Code Coverage
Patch Coverage: 70.00%
Total Coverage: 57.97% (-0.02%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: b8d3158 | Docs | Was this helpful? Give us feedback!

@pr-commenter
Copy link

pr-commenter bot commented Sep 11, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/waf-upgrade
git_commit_date 1759740320 1759744551
git_commit_sha 4386dc4 b8d3158
release_version 1.54.0-SNAPSHOT~4386dc46f0 1.54.0-SNAPSHOT~b8d31589e9
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1759746336 1759746336
ci_job_id 1164237201 1164237201
ci_pipeline_id 78447035 78447035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-abp777ul 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-abp777ul 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.02 s) : 0, 1019616
Total [baseline] (10.679 s) : 0, 10678734
Agent [candidate] (1.026 s) : 0, 1026235
Total [candidate] (10.791 s) : 0, 10790721
section appsec
Agent [baseline] (1.195 s) : 0, 1195069
Total [baseline] (11.022 s) : 0, 11022073
Agent [candidate] (1.199 s) : 0, 1199396
Total [candidate] (10.976 s) : 0, 10976021
section iast
Agent [baseline] (1.149 s) : 0, 1149451
Total [baseline] (10.896 s) : 0, 10896095
Agent [candidate] (1.148 s) : 0, 1148411
Total [candidate] (10.97 s) : 0, 10969964
section profiling
Agent [baseline] (1.169 s) : 0, 1168717
Total [baseline] (11.066 s) : 0, 11065676
Agent [candidate] (1.165 s) : 0, 1165350
Total [candidate] (11.04 s) : 0, 11039854
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.02 s -
Agent appsec 1.195 s 175.453 ms (17.2%)
Agent iast 1.149 s 129.835 ms (12.7%)
Agent profiling 1.169 s 149.101 ms (14.6%)
Total tracing 10.679 s -
Total appsec 11.022 s 343.339 ms (3.2%)
Total iast 10.896 s 217.361 ms (2.0%)
Total profiling 11.066 s 386.941 ms (3.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent appsec 1.199 s 173.161 ms (16.9%)
Agent iast 1.148 s 122.176 ms (11.9%)
Agent profiling 1.165 s 139.116 ms (13.6%)
Total tracing 10.791 s -
Total appsec 10.976 s 185.301 ms (1.7%)
Total iast 10.97 s 179.243 ms (1.7%)
Total profiling 11.04 s 249.134 ms (2.3%) 
gantt
    title petclinic - break down per module: candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.461 ms) : 0, 1461
crashtracking [candidate] (1.462 ms) : 0, 1462
BytebuddyAgent [baseline] (695.0 ms) : 0, 695000
BytebuddyAgent [candidate] (699.185 ms) : 0, 699185
GlobalTracer [baseline] (242.105 ms) : 0, 242105
GlobalTracer [candidate] (244.723 ms) : 0, 244723
AppSec [baseline] (32.674 ms) : 0, 32674
AppSec [candidate] (32.437 ms) : 0, 32437
Debugger [baseline] (6.39 ms) : 0, 6390
Debugger [candidate] (6.401 ms) : 0, 6401
Remote Config [baseline] (697.823 µs) : 0, 698
Remote Config [candidate] (678.455 µs) : 0, 678
Telemetry [baseline] (9.168 ms) : 0, 9168
Telemetry [candidate] (9.365 ms) : 0, 9365
Flare Poller [baseline] (10.989 ms) : 0, 10989
Flare Poller [candidate] (10.787 ms) : 0, 10787
section appsec
crashtracking [baseline] (1.462 ms) : 0, 1462
crashtracking [candidate] (1.477 ms) : 0, 1477
BytebuddyAgent [baseline] (718.182 ms) : 0, 718182
BytebuddyAgent [candidate] (722.908 ms) : 0, 722908
GlobalTracer [baseline] (234.68 ms) : 0, 234680
GlobalTracer [candidate] (235.884 ms) : 0, 235884
AppSec [baseline] (173.784 ms) : 0, 173784
AppSec [candidate] (173.923 ms) : 0, 173923
Debugger [baseline] (6.201 ms) : 0, 6201
Debugger [candidate] (6.038 ms) : 0, 6038
Remote Config [baseline] (660.442 µs) : 0, 660
Remote Config [candidate] (641.793 µs) : 0, 642
Telemetry [baseline] (10.005 ms) : 0, 10005
Telemetry [candidate] (8.523 ms) : 0, 8523
Flare Poller [baseline] (4.01 ms) : 0, 4010
Flare Poller [candidate] (3.883 ms) : 0, 3883
IAST [baseline] (24.973 ms) : 0, 24973
IAST [candidate] (24.849 ms) : 0, 24849
section iast
crashtracking [baseline] (1.457 ms) : 0, 1457
crashtracking [candidate] (1.469 ms) : 0, 1469
BytebuddyAgent [baseline] (813.459 ms) : 0, 813459
BytebuddyAgent [candidate] (812.645 ms) : 0, 812645
GlobalTracer [baseline] (231.774 ms) : 0, 231774
GlobalTracer [candidate] (232.892 ms) : 0, 232892
AppSec [baseline] (35.432 ms) : 0, 35432
AppSec [candidate] (34.654 ms) : 0, 34654
Debugger [baseline] (6.066 ms) : 0, 6066
Debugger [candidate] (6.1 ms) : 0, 6100
Remote Config [baseline] (601.38 µs) : 0, 601
Remote Config [candidate] (606.962 µs) : 0, 607
Telemetry [baseline] (8.468 ms) : 0, 8468
Telemetry [candidate] (8.475 ms) : 0, 8475
Flare Poller [baseline] (4.23 ms) : 0, 4230
Flare Poller [candidate] (4.203 ms) : 0, 4203
IAST [baseline] (26.798 ms) : 0, 26798
IAST [candidate] (26.178 ms) : 0, 26178
section profiling
crashtracking [baseline] (1.427 ms) : 0, 1427
crashtracking [candidate] (1.429 ms) : 0, 1429
BytebuddyAgent [baseline] (726.967 ms) : 0, 726967
BytebuddyAgent [candidate] (723.293 ms) : 0, 723293
GlobalTracer [baseline] (219.446 ms) : 0, 219446
GlobalTracer [candidate] (218.698 ms) : 0, 218698
AppSec [baseline] (33.264 ms) : 0, 33264
AppSec [candidate] (32.324 ms) : 0, 32324
Debugger [baseline] (7.327 ms) : 0, 7327
Debugger [candidate] (6.536 ms) : 0, 6536
Remote Config [baseline] (695.408 µs) : 0, 695
Remote Config [candidate] (737.072 µs) : 0, 737
Telemetry [baseline] (15.86 ms) : 0, 15860
Telemetry [candidate] (16.75 ms) : 0, 16750
Flare Poller [baseline] (4.143 ms) : 0, 4143
Flare Poller [candidate] (4.147 ms) : 0, 4147
ProfilingAgent [baseline] (106.8 ms) : 0, 106800
ProfilingAgent [candidate] (107.776 ms) : 0, 107776
Profiling [baseline] (107.406 ms) : 0, 107406
Profiling [candidate] (109.658 ms) : 0, 109658
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.019 s) : 0, 1018544
Total [baseline] (8.689 s) : 0, 8689199
Agent [candidate] (1.02 s) : 0, 1019962
Total [candidate] (8.698 s) : 0, 8698412
section iast
Agent [baseline] (1.159 s) : 0, 1159142
Total [baseline] (9.262 s) : 0, 9261880
Agent [candidate] (1.159 s) : 0, 1159233
Total [candidate] (9.302 s) : 0, 9301579
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.019 s -
Agent iast 1.159 s 140.598 ms (13.8%)
Total tracing 8.689 s -
Total iast 9.262 s 572.681 ms (6.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.02 s -
Agent iast 1.159 s 139.271 ms (13.7%)
Total tracing 8.698 s -
Total iast 9.302 s 603.167 ms (6.9%) 
gantt
    title insecure-bank - break down per module: candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.459 ms) : 0, 1459
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (694.934 ms) : 0, 694934
BytebuddyAgent [candidate] (695.057 ms) : 0, 695057
GlobalTracer [baseline] (241.984 ms) : 0, 241984
GlobalTracer [candidate] (243.349 ms) : 0, 243349
AppSec [baseline] (32.689 ms) : 0, 32689
AppSec [candidate] (32.104 ms) : 0, 32104
Debugger [baseline] (6.424 ms) : 0, 6424
Debugger [candidate] (6.334 ms) : 0, 6334
Remote Config [baseline] (695.531 µs) : 0, 696
Remote Config [candidate] (671.084 µs) : 0, 671
Telemetry [baseline] (9.2 ms) : 0, 9200
Telemetry [candidate] (9.32 ms) : 0, 9320
Flare Poller [baseline] (10.067 ms) : 0, 10067
Flare Poller [candidate] (10.574 ms) : 0, 10574
section iast
crashtracking [baseline] (1.475 ms) : 0, 1475
crashtracking [candidate] (1.473 ms) : 0, 1473
BytebuddyAgent [baseline] (820.667 ms) : 0, 820667
BytebuddyAgent [candidate] (820.611 ms) : 0, 820611
GlobalTracer [baseline] (233.311 ms) : 0, 233311
GlobalTracer [candidate] (234.216 ms) : 0, 234216
AppSec [baseline] (35.672 ms) : 0, 35672
AppSec [candidate] (35.359 ms) : 0, 35359
Debugger [baseline] (6.054 ms) : 0, 6054
Debugger [candidate] (6.206 ms) : 0, 6206
Remote Config [baseline] (597.538 µs) : 0, 598
Remote Config [candidate] (614.789 µs) : 0, 615
Telemetry [baseline] (8.494 ms) : 0, 8494
Telemetry [candidate] (8.691 ms) : 0, 8691
Flare Poller [baseline] (4.301 ms) : 0, 4301
Flare Poller [candidate] (4.266 ms) : 0, 4266
IAST [baseline] (27.182 ms) : 0, 27182
IAST [candidate] (26.491 ms) : 0, 26491
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/waf-upgrade
git_commit_date 1759740320 1759744551
git_commit_sha 4386dc4 b8d3158
release_version 1.54.0-SNAPSHOT~4386dc46f0 1.54.0-SNAPSHOT~b8d31589e9
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1759746084 1759746084
ci_job_id 1164237202 1164237202
ci_pipeline_id 78447035 78447035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-lepkgpow 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-lepkgpow 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 3 performance regressions! Performance is the same for 7 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:no_agent:high_load better
[-242.074µs; -133.672µs] or [-5.339%; -2.948%]		 unstable
[-59.881op/s; +147.819op/s] or [-5.913%; +14.595%]		 4.346ms 1056.750op/s 4.534ms 1012.781op/s
scenario:load:insecure-bank:iast_GLOBAL:high_load worse
[+435.629µs; +845.741µs] or [+4.209%; +8.172%]		 unstable
[-74.601op/s; +22.664op/s] or [-16.616%; +5.048%]		 10.990ms 423.000op/s 10.349ms 448.969op/s
scenario:load:insecure-bank:iast:high_load worse
[+313.110µs; +666.063µs] or [+3.286%; +6.990%]		 unstable
[-77.771op/s; +30.521op/s] or [-15.959%; +6.263%]		 10.018ms 463.688op/s 9.529ms 487.312op/s
scenario:load:petclinic:iast:high_load better
[-1.952ms; -1.080ms] or [-4.208%; -2.328%]		 unstable
[-2.107op/s; +11.547op/s] or [-2.088%; +11.446%]		 44.865ms 105.595op/s 46.381ms 100.875op/s
scenario:load:petclinic:tracing:high_load worse
[+1.481ms; +2.314ms] or [+3.399%; +5.311%]		 unstable
[-10.215op/s; +3.870op/s] or [-9.516%; +3.605%]		 45.464ms 104.177op/s 43.567ms 107.350op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0
    dateFormat X
    axisFormat %s
section baseline
no_agent (36.841 ms) : 36539, 37143
.   : milestone, 36841,
appsec (47.813 ms) : 47412, 48213
.   : milestone, 47813,
code_origins (44.314 ms) : 43928, 44699
.   : milestone, 44314,
iast (46.381 ms) : 45969, 46793
.   : milestone, 46381,
profiling (48.23 ms) : 47790, 48670
.   : milestone, 48230,
tracing (43.567 ms) : 43192, 43942
.   : milestone, 43567,
section candidate
no_agent (36.993 ms) : 36693, 37292
.   : milestone, 36993,
appsec (47.997 ms) : 47568, 48426
.   : milestone, 47997,
code_origins (43.574 ms) : 43197, 43951
.   : milestone, 43574,
iast (44.865 ms) : 44467, 45263
.   : milestone, 44865,
profiling (47.097 ms) : 46669, 47525
.   : milestone, 47097,
tracing (45.464 ms) : 45065, 45863
.   : milestone, 45464,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.841 ms [36.539 ms, 37.143 ms] -
appsec 47.813 ms [47.412 ms, 48.213 ms] 10.972 ms (29.8%)
code_origins 44.314 ms [43.928 ms, 44.699 ms] 7.473 ms (20.3%)
iast 46.381 ms [45.969 ms, 46.793 ms] 9.54 ms (25.9%)
profiling 48.23 ms [47.79 ms, 48.67 ms] 11.389 ms (30.9%)
tracing 43.567 ms [43.192 ms, 43.942 ms] 6.726 ms (18.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.993 ms [36.693 ms, 37.292 ms] -
appsec 47.997 ms [47.568 ms, 48.426 ms] 11.004 ms (29.7%)
code_origins 43.574 ms [43.197 ms, 43.951 ms] 6.581 ms (17.8%)
iast 44.865 ms [44.467 ms, 45.263 ms] 7.872 ms (21.3%)
profiling 47.097 ms [46.669 ms, 47.525 ms] 10.104 ms (27.3%)
tracing 45.464 ms [45.065 ms, 45.863 ms] 8.472 ms (22.9%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.534 ms) : 4483, 4586
.   : milestone, 4534,
iast (9.529 ms) : 9369, 9688
.   : milestone, 9529,
iast_FULL (14.315 ms) : 14029, 14602
.   : milestone, 14315,
iast_GLOBAL (10.349 ms) : 10165, 10534
.   : milestone, 10349,
profiling (8.679 ms) : 8539, 8820
.   : milestone, 8679,
tracing (7.702 ms) : 7593, 7811
.   : milestone, 7702,
section candidate
no_agent (4.346 ms) : 4298, 4395
.   : milestone, 4346,
iast (10.018 ms) : 9850, 10187
.   : milestone, 10018,
iast_FULL (14.578 ms) : 14290, 14867
.   : milestone, 14578,
iast_GLOBAL (10.99 ms) : 10794, 11187
.   : milestone, 10990,
profiling (8.55 ms) : 8408, 8691
.   : milestone, 8550,
tracing (7.853 ms) : 7732, 7974
.   : milestone, 7853,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.534 ms [4.483 ms, 4.586 ms] -
iast 9.529 ms [9.369 ms, 9.688 ms] 4.994 ms (110.1%)
iast_FULL 14.315 ms [14.029 ms, 14.602 ms] 9.781 ms (215.7%)
iast_GLOBAL 10.349 ms [10.165 ms, 10.534 ms] 5.815 ms (128.2%)
profiling 8.679 ms [8.539 ms, 8.82 ms] 4.145 ms (91.4%)
tracing 7.702 ms [7.593 ms, 7.811 ms] 3.168 ms (69.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.346 ms [4.298 ms, 4.395 ms] -
iast 10.018 ms [9.85 ms, 10.187 ms] 5.672 ms (130.5%)
iast_FULL 14.578 ms [14.29 ms, 14.867 ms] 10.232 ms (235.4%)
iast_GLOBAL 10.99 ms [10.794 ms, 11.187 ms] 6.644 ms (152.9%)
profiling 8.55 ms [8.408 ms, 8.691 ms] 4.203 ms (96.7%)
tracing 7.853 ms [7.732 ms, 7.974 ms] 3.506 ms (80.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/waf-upgrade
git_commit_date 1759740320 1759744551
git_commit_sha 4386dc4 b8d3158
release_version 1.54.0-SNAPSHOT~4386dc46f0 1.54.0-SNAPSHOT~b8d31589e9
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1759746606 1759746606
ci_job_id 1164237203 1164237203
ci_pipeline_id 78447035 78447035
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-guzuj9un 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-guzuj9un 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (2.501 ms) : 2447, 2555
.   : milestone, 2501,
iast (2.196 ms) : 2133, 2260
.   : milestone, 2196,
iast_GLOBAL (2.25 ms) : 2186, 2314
.   : milestone, 2250,
profiling (2.055 ms) : 2003, 2107
.   : milestone, 2055,
tracing (2.019 ms) : 1969, 2069
.   : milestone, 2019,
section candidate
no_agent (1.47 ms) : 1458, 1481
.   : milestone, 1470,
appsec (2.492 ms) : 2439, 2546
.   : milestone, 2492,
iast (2.204 ms) : 2140, 2267
.   : milestone, 2204,
iast_GLOBAL (2.256 ms) : 2192, 2320
.   : milestone, 2256,
profiling (2.062 ms) : 2009, 2115
.   : milestone, 2062,
tracing (2.022 ms) : 1972, 2071
.   : milestone, 2022,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.469 ms [1.457 ms, 1.48 ms] -
appsec 2.501 ms [2.447 ms, 2.555 ms] 1.032 ms (70.3%)
iast 2.196 ms [2.133 ms, 2.26 ms] 727.323 µs (49.5%)
iast_GLOBAL 2.25 ms [2.186 ms, 2.314 ms] 780.86 µs (53.2%)
profiling 2.055 ms [2.003 ms, 2.107 ms] 585.691 µs (39.9%)
tracing 2.019 ms [1.969 ms, 2.069 ms] 550.074 µs (37.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.47 ms [1.458 ms, 1.481 ms] -
appsec 2.492 ms [2.439 ms, 2.546 ms] 1.022 ms (69.5%)
iast 2.204 ms [2.14 ms, 2.267 ms] 733.563 µs (49.9%)
iast_GLOBAL 2.256 ms [2.192 ms, 2.32 ms] 786.065 µs (53.5%)
profiling 2.062 ms [2.009 ms, 2.115 ms] 591.853 µs (40.3%)
tracing 2.022 ms [1.972 ms, 2.071 ms] 551.699 µs (37.5%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~b8d31589e9, baseline=1.54.0-SNAPSHOT~4386dc46f0
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.047 s) : 15047000, 15047000
.   : milestone, 15047000,
appsec (14.95 s) : 14950000, 14950000
.   : milestone, 14950000,
iast (18.74 s) : 18740000, 18740000
.   : milestone, 18740000,
iast_GLOBAL (18.069 s) : 18069000, 18069000
.   : milestone, 18069000,
profiling (15.393 s) : 15393000, 15393000
.   : milestone, 15393000,
tracing (15.237 s) : 15237000, 15237000
.   : milestone, 15237000,
section candidate
no_agent (14.976 s) : 14976000, 14976000
.   : milestone, 14976000,
appsec (14.964 s) : 14964000, 14964000
.   : milestone, 14964000,
iast (18.437 s) : 18437000, 18437000
.   : milestone, 18437000,
iast_GLOBAL (18.191 s) : 18191000, 18191000
.   : milestone, 18191000,
profiling (15.435 s) : 15435000, 15435000
.   : milestone, 15435000,
tracing (15.216 s) : 15216000, 15216000
.   : milestone, 15216000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.047 s [15.047 s, 15.047 s] -
appsec 14.95 s [14.95 s, 14.95 s] -97.0 ms (-0.6%)
iast 18.74 s [18.74 s, 18.74 s] 3.693 s (24.5%)
iast_GLOBAL 18.069 s [18.069 s, 18.069 s] 3.022 s (20.1%)
profiling 15.393 s [15.393 s, 15.393 s] 346.0 ms (2.3%)
tracing 15.237 s [15.237 s, 15.237 s] 190.0 ms (1.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.976 s [14.976 s, 14.976 s] -
appsec 14.964 s [14.964 s, 14.964 s] -12.0 ms (-0.1%)
iast 18.437 s [18.437 s, 18.437 s] 3.461 s (23.1%)
iast_GLOBAL 18.191 s [18.191 s, 18.191 s] 3.215 s (21.5%)
profiling 15.435 s [15.435 s, 15.435 s] 459.0 ms (3.1%)
tracing 15.216 s [15.216 s, 15.216 s] 240.0 ms (1.6%)

@sezen-datadog sezen-datadog changed the title Waf upgrade to 1.28.0 Waf upgrade to 1.28.1 Sep 16, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

jandro996
jandro996 reviewed Sep 16, 2025
View reviewed changes
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from 8460db5 to bc5038c Compare September 16, 2025 09:20
@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from bc5038c to 44902b2 Compare September 16, 2025 09:23
@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

@sezen-datadog sezen-datadog changed the title Waf upgrade to 1.28.1 Libddwaf upgrade to 17.1.0 Sep 16, 2025
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from 44902b2 to d847652 Compare September 16, 2025 09:24
@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

2 similar comments
@github-actions
Copy link
Contributor

github-actions bot commented Sep 18, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

@github-actions
Copy link
Contributor

github-actions bot commented Sep 18, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

@sezen-datadog sezen-datadog marked this pull request as ready for review September 18, 2025 14:30
@sezen-datadog sezen-datadog requested a review from a team as a code owner September 18, 2025 14:30
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from b4ee066 to 8108556 Compare September 19, 2025 07:51
@github-actions
Copy link
Contributor

github-actions bot commented Sep 19, 2025

Hi! 👋 Looks like you updated a Git Submodule.
If this was not intentional please make sure to:

jandro996
jandro996 requested changes Sep 19, 2025
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a comment related with the ASM_KEEP tag that seems that should not be removed.

Just a quick note, this isn’t super relevant for this PR specifically, but IMHO it’s always easier to review smaller, focused PRs. This one could probably be split into 2 or 3, in case of a regression, it makes rollbacks simpler too 😊

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from eb328ea to c65718c Compare September 19, 2025 13:43
@sezen-datadog
Controversial commit that works for trace tag
7260492 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
Revert "Controversial commit that works for trace tag"
2914c00 
This reverts commit d999005.
@sezen-datadog
trial
c513eb6 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch 2 times, most recently from 44eee7c to 5d0cbd7 Compare October 1, 2025 13:18
@sezen-datadog
oh!
00fa9fd 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/waf-upgrade branch from 5d0cbd7 to 00fa9fd Compare October 1, 2025 14:07
@sezen-datadog
alejandro part 1
05fab9c 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
mistake
8fe160a 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
cleanup of unit tests
f2f9558 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
cleanup
357968b 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
cleanup
9fc0b3a 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
Merge branch 'master' into sezen.leblay/waf-upgrade
8e23408
@sezen-datadog
cleanup
0bec75c 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
@sezen-datadog
Merge branch 'master' into sezen.leblay/waf-upgrade
2824138
jandro996
jandro996 reviewed Oct 3, 2025
View reviewed changes
@sezen-datadog
cleanup
5f82fb0 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
smola
smola reviewed Oct 6, 2025
View reviewed changes
@sezen-datadog
comments
b8d3158 
Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>
jandro996
jandro996 approved these changes Oct 8, 2025
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@sezen-datadog sezen-datadog merged commit a56894b into master Oct 8, 2025
536 checks passed
@sezen-datadog sezen-datadog deleted the sezen.leblay/waf-upgrade branch October 8, 2025 11:55
@github-actions github-actions bot added this to the 1.55.0 milestone Oct 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smola smola smola approved these changes

@jandro996 jandro996 jandro996 approved these changes

@robertpi robertpi Awaiting requested review from robertpi robertpi is a code owner automatically assigned from DataDog/asm-java

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez was automatically assigned from DataDog/apm-java

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements

Projects

None yet

Milestone

1.55.0

Development

Successfully merging this pull request may close these issues.

4 participants

@sezen-datadog @smola @jandro996