Skip to content

Ensure blocking exceptions are propagated for SSRF #9790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 17, 2025
Merged

Ensure blocking exceptions are propagated for SSRF #9790

merged 1 commit into from
Oct 17, 2025

Conversation

@manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Oct 17, 2025
edited
Loading

What Does This Do

Ensures that blocking exceptions are properly propagated when testing RASP protections against SSRF attacks.

Motivation

If the exception isn’t propagated, execution continues and the attack may succeed, even if the response is eventually blocked.

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

@manuel-alvarez-alvarez manuel-alvarez-alvarez added the type: bug Bug report and fix label Oct 17, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm waf Application Security Management (WAF) label Oct 17, 2025
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Oct 17, 2025
edited
Loading

🎯 Code Coverage
Patch Coverage: 33.33%
Total Coverage: 63.32% (+3.53%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: fbf00b3 | Docs | Was this helpful? Give us feedback!

@pr-commenter
Copy link

pr-commenter bot commented Oct 17, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-fix-ssrf-blocking-exception
git_commit_date 1760694165 1760694875
git_commit_sha 664b9a4 fbf00b3
release_version 1.55.0-SNAPSHOT~664b9a412c 1.55.0-SNAPSHOT~fbf00b38b5
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1760696760 1760696760
ci_job_id 1184588059 1184588059
ci_pipeline_id 79605032 79605032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-inaw21ns 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-inaw21ns 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 5 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.019 s) : 0, 1019084
Total [baseline] (10.708 s) : 0, 10707560
Agent [candidate] (1.018 s) : 0, 1017859
Total [candidate] (10.795 s) : 0, 10795079
section appsec
Agent [baseline] (1.194 s) : 0, 1194338
Total [baseline] (10.782 s) : 0, 10781650
Agent [candidate] (1.203 s) : 0, 1203003
Total [candidate] (10.874 s) : 0, 10873781
section iast
Agent [baseline] (1.152 s) : 0, 1151701
Total [baseline] (11.109 s) : 0, 11109342
Agent [candidate] (1.148 s) : 0, 1148003
Total [candidate] (11.141 s) : 0, 11140857
section profiling
Agent [baseline] (1.162 s) : 0, 1162359
Total [baseline] (10.925 s) : 0, 10924813
Agent [candidate] (1.163 s) : 0, 1163109
Total [candidate] (10.922 s) : 0, 10922413
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.019 s -
Agent appsec 1.194 s 175.254 ms (17.2%)
Agent iast 1.152 s 132.617 ms (13.0%)
Agent profiling 1.162 s 143.275 ms (14.1%)
Total tracing 10.708 s -
Total appsec 10.782 s 74.09 ms (0.7%)
Total iast 11.109 s 401.782 ms (3.8%)
Total profiling 10.925 s 217.252 ms (2.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.018 s -
Agent appsec 1.203 s 185.144 ms (18.2%)
Agent iast 1.148 s 130.143 ms (12.8%)
Agent profiling 1.163 s 145.25 ms (14.3%)
Total tracing 10.795 s -
Total appsec 10.874 s 78.702 ms (0.7%)
Total iast 11.141 s 345.779 ms (3.2%)
Total profiling 10.922 s 127.335 ms (1.2%) 
gantt
    title petclinic - break down per module: candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.473 ms) : 0, 1473
crashtracking [candidate] (1.461 ms) : 0, 1461
BytebuddyAgent [baseline] (693.278 ms) : 0, 693278
BytebuddyAgent [candidate] (693.085 ms) : 0, 693085
GlobalTracer [baseline] (243.031 ms) : 0, 243031
GlobalTracer [candidate] (242.95 ms) : 0, 242950
AppSec [baseline] (32.641 ms) : 0, 32641
AppSec [candidate] (32.503 ms) : 0, 32503
Debugger [baseline] (6.411 ms) : 0, 6411
Debugger [candidate] (6.394 ms) : 0, 6394
Remote Config [baseline] (686.644 µs) : 0, 687
Remote Config [candidate] (677.353 µs) : 0, 677
Telemetry [baseline] (9.481 ms) : 0, 9481
Telemetry [candidate] (9.511 ms) : 0, 9511
Flare Poller [baseline] (10.798 ms) : 0, 10798
Flare Poller [candidate] (10.12 ms) : 0, 10120
section appsec
crashtracking [baseline] (1.48 ms) : 0, 1480
crashtracking [candidate] (1.489 ms) : 0, 1489
BytebuddyAgent [baseline] (717.312 ms) : 0, 717312
BytebuddyAgent [candidate] (722.646 ms) : 0, 722646
GlobalTracer [baseline] (235.425 ms) : 0, 235425
GlobalTracer [candidate] (237.151 ms) : 0, 237151
IAST [baseline] (24.85 ms) : 0, 24850
IAST [candidate] (25.046 ms) : 0, 25046
AppSec [baseline] (175.075 ms) : 0, 175075
AppSec [candidate] (175.888 ms) : 0, 175888
Debugger [baseline] (6.001 ms) : 0, 6001
Debugger [candidate] (6.195 ms) : 0, 6195
Remote Config [baseline] (630.984 µs) : 0, 631
Remote Config [candidate] (643.877 µs) : 0, 644
Telemetry [baseline] (8.542 ms) : 0, 8542
Telemetry [candidate] (8.641 ms) : 0, 8641
Flare Poller [baseline] (3.908 ms) : 0, 3908
Flare Poller [candidate] (4.034 ms) : 0, 4034
section iast
crashtracking [baseline] (1.462 ms) : 0, 1462
crashtracking [candidate] (1.453 ms) : 0, 1453
BytebuddyAgent [baseline] (814.643 ms) : 0, 814643
BytebuddyAgent [candidate] (812.417 ms) : 0, 812417
GlobalTracer [baseline] (232.672 ms) : 0, 232672
GlobalTracer [candidate] (231.559 ms) : 0, 231559
IAST [baseline] (26.455 ms) : 0, 26455
IAST [candidate] (26.4 ms) : 0, 26400
AppSec [baseline] (35.19 ms) : 0, 35190
AppSec [candidate] (35.1 ms) : 0, 35100
Debugger [baseline] (6.169 ms) : 0, 6169
Debugger [candidate] (6.138 ms) : 0, 6138
Remote Config [baseline] (606.666 µs) : 0, 607
Remote Config [candidate] (591.119 µs) : 0, 591
Telemetry [baseline] (8.771 ms) : 0, 8771
Telemetry [candidate] (8.581 ms) : 0, 8581
Flare Poller [baseline] (4.145 ms) : 0, 4145
Flare Poller [candidate] (4.258 ms) : 0, 4258
section profiling
crashtracking [baseline] (1.438 ms) : 0, 1438
crashtracking [candidate] (1.444 ms) : 0, 1444
BytebuddyAgent [baseline] (720.201 ms) : 0, 720201
BytebuddyAgent [candidate] (720.281 ms) : 0, 720281
GlobalTracer [baseline] (219.234 ms) : 0, 219234
GlobalTracer [candidate] (218.572 ms) : 0, 218572
AppSec [baseline] (32.276 ms) : 0, 32276
AppSec [candidate] (32.341 ms) : 0, 32341
Debugger [baseline] (6.678 ms) : 0, 6678
Debugger [candidate] (7.513 ms) : 0, 7513
Remote Config [baseline] (709.288 µs) : 0, 709
Remote Config [candidate] (705.232 µs) : 0, 705
Telemetry [baseline] (15.87 ms) : 0, 15870
Telemetry [candidate] (15.407 ms) : 0, 15407
Flare Poller [baseline] (4.159 ms) : 0, 4159
Flare Poller [candidate] (4.111 ms) : 0, 4111
ProfilingAgent [baseline] (108.365 ms) : 0, 108365
ProfilingAgent [candidate] (109.43 ms) : 0, 109430
Profiling [baseline] (109.651 ms) : 0, 109651
Profiling [candidate] (110.614 ms) : 0, 110614
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.026 s) : 0, 1025797
Total [baseline] (8.691 s) : 0, 8691268
Agent [candidate] (1.025 s) : 0, 1024652
Total [candidate] (8.699 s) : 0, 8699384
section iast
Agent [baseline] (1.153 s) : 0, 1153192
Total [baseline] (9.318 s) : 0, 9318371
Agent [candidate] (1.154 s) : 0, 1153578
Total [candidate] (9.319 s) : 0, 9319159
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent iast 1.153 s 127.395 ms (12.4%)
Total tracing 8.691 s -
Total iast 9.318 s 627.103 ms (7.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.025 s -
Agent iast 1.154 s 128.926 ms (12.6%)
Total tracing 8.699 s -
Total iast 9.319 s 619.775 ms (7.1%) 
gantt
    title insecure-bank - break down per module: candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.484 ms) : 0, 1484
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (697.945 ms) : 0, 697945
BytebuddyAgent [candidate] (697.431 ms) : 0, 697431
GlobalTracer [baseline] (244.156 ms) : 0, 244156
GlobalTracer [candidate] (244.7 ms) : 0, 244700
AppSec [baseline] (32.375 ms) : 0, 32375
AppSec [candidate] (32.965 ms) : 0, 32965
Debugger [baseline] (6.446 ms) : 0, 6446
Debugger [candidate] (6.518 ms) : 0, 6518
Remote Config [baseline] (688.768 µs) : 0, 689
Remote Config [candidate] (690.506 µs) : 0, 691
Telemetry [baseline] (9.523 ms) : 0, 9523
Telemetry [candidate] (9.531 ms) : 0, 9531
Flare Poller [baseline] (11.872 ms) : 0, 11872
Flare Poller [candidate] (10.154 ms) : 0, 10154
section iast
crashtracking [baseline] (1.502 ms) : 0, 1502
crashtracking [candidate] (1.497 ms) : 0, 1497
BytebuddyAgent [baseline] (816.196 ms) : 0, 816196
BytebuddyAgent [candidate] (816.143 ms) : 0, 816143
GlobalTracer [baseline] (232.555 ms) : 0, 232555
GlobalTracer [candidate] (232.918 ms) : 0, 232918
IAST [baseline] (26.618 ms) : 0, 26618
IAST [candidate] (26.607 ms) : 0, 26607
AppSec [baseline] (35.181 ms) : 0, 35181
AppSec [candidate] (35.063 ms) : 0, 35063
Debugger [baseline] (6.175 ms) : 0, 6175
Debugger [candidate] (6.202 ms) : 0, 6202
Remote Config [baseline] (607.989 µs) : 0, 608
Remote Config [candidate] (615.347 µs) : 0, 615
Telemetry [baseline] (8.669 ms) : 0, 8669
Telemetry [candidate] (8.721 ms) : 0, 8721
Flare Poller [baseline] (4.208 ms) : 0, 4208
Flare Poller [candidate] (4.309 ms) : 0, 4309
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-fix-ssrf-blocking-exception
git_commit_date 1760694165 1760694875
git_commit_sha 664b9a4 fbf00b3
release_version 1.55.0-SNAPSHOT~664b9a412c 1.55.0-SNAPSHOT~fbf00b38b5
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1760696513 1760696513
ci_job_id 1184588060 1184588060
ci_pipeline_id 79605032 79605032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-rpmr51ky 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-rpmr51ky 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 3 performance regressions! Performance is the same for 7 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:tracing:high_load worse
[+161.772µs; +404.974µs] or [+2.105%; +5.270%]		 unstable
[-86.388op/s; +80.729op/s] or [-14.781%; +13.813%]		 7.968ms 581.625op/s 7.684ms 584.455op/s
scenario:load:insecure-bank:iast_FULL:high_load better
[-1007.573µs; -367.822µs] or [-6.639%; -2.424%]		 unstable
[-23.046op/s; +51.921op/s] or [-7.499%; +16.895%]		 14.488ms 321.750op/s 15.176ms 307.312op/s
scenario:load:petclinic:no_agent:high_load better
[-2.079ms; -1.450ms] or [-5.581%; -3.892%]		 unstable
[-2.813op/s; +15.263op/s] or [-2.242%; +12.163%]		 35.491ms 131.713op/s 37.256ms 125.487op/s
scenario:load:petclinic:code_origins:high_load worse
[+0.894ms; +1.690ms] or [+2.081%; +3.934%]		 unstable
[-11.254op/s; +4.854op/s] or [-10.327%; +4.454%]		 44.235ms 105.775op/s 42.944ms 108.975op/s
scenario:load:petclinic:profiling:high_load worse
[+1.123ms; +2.144ms] or [+2.358%; +4.501%]		 unstable
[-10.642op/s; +4.142op/s] or [-10.830%; +4.215%]		 49.260ms 95.013op/s 47.626ms 98.263op/s
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.158 ms) : 4109, 4208
.   : milestone, 4158,
iast (9.877 ms) : 9701, 10054
.   : milestone, 9877,
iast_FULL (15.176 ms) : 14877, 15475
.   : milestone, 15176,
iast_GLOBAL (10.58 ms) : 10389, 10771
.   : milestone, 10580,
profiling (9.094 ms) : 8951, 9236
.   : milestone, 9094,
tracing (7.684 ms) : 7574, 7794
.   : milestone, 7684,
section candidate
no_agent (4.21 ms) : 4159, 4262
.   : milestone, 4210,
iast (10.148 ms) : 9972, 10325
.   : milestone, 10148,
iast_FULL (14.488 ms) : 14193, 14784
.   : milestone, 14488,
iast_GLOBAL (10.273 ms) : 10090, 10456
.   : milestone, 10273,
profiling (8.785 ms) : 8635, 8935
.   : milestone, 8785,
tracing (7.968 ms) : 7852, 8083
.   : milestone, 7968,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.158 ms [4.109 ms, 4.208 ms] -
iast 9.877 ms [9.701 ms, 10.054 ms] 5.719 ms (137.5%)
iast_FULL 15.176 ms [14.877 ms, 15.475 ms] 11.018 ms (264.9%)
iast_GLOBAL 10.58 ms [10.389 ms, 10.771 ms] 6.422 ms (154.4%)
profiling 9.094 ms [8.951 ms, 9.236 ms] 4.935 ms (118.7%)
tracing 7.684 ms [7.574 ms, 7.794 ms] 3.526 ms (84.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.21 ms [4.159 ms, 4.262 ms] -
iast 10.148 ms [9.972 ms, 10.325 ms] 5.938 ms (141.0%)
iast_FULL 14.488 ms [14.193 ms, 14.784 ms] 10.278 ms (244.1%)
iast_GLOBAL 10.273 ms [10.09 ms, 10.456 ms] 6.062 ms (144.0%)
profiling 8.785 ms [8.635 ms, 8.935 ms] 4.575 ms (108.7%)
tracing 7.968 ms [7.852 ms, 8.083 ms] 3.757 ms (89.2%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c
    dateFormat X
    axisFormat %s
section baseline
no_agent (37.256 ms) : 36951, 37561
.   : milestone, 37256,
appsec (47.637 ms) : 47219, 48055
.   : milestone, 47637,
code_origins (42.944 ms) : 42570, 43317
.   : milestone, 42944,
iast (46.155 ms) : 45747, 46564
.   : milestone, 46155,
profiling (47.626 ms) : 47179, 48074
.   : milestone, 47626,
tracing (43.833 ms) : 43446, 44219
.   : milestone, 43833,
section candidate
no_agent (35.491 ms) : 35213, 35770
.   : milestone, 35491,
appsec (48.809 ms) : 48384, 49234
.   : milestone, 48809,
code_origins (44.235 ms) : 43869, 44601
.   : milestone, 44235,
iast (45.126 ms) : 44739, 45512
.   : milestone, 45126,
profiling (49.26 ms) : 48760, 49759
.   : milestone, 49260,
tracing (44.181 ms) : 43805, 44557
.   : milestone, 44181,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.256 ms [36.951 ms, 37.561 ms] -
appsec 47.637 ms [47.219 ms, 48.055 ms] 10.381 ms (27.9%)
code_origins 42.944 ms [42.57 ms, 43.317 ms] 5.688 ms (15.3%)
iast 46.155 ms [45.747 ms, 46.564 ms] 8.899 ms (23.9%)
profiling 47.626 ms [47.179 ms, 48.074 ms] 10.37 ms (27.8%)
tracing 43.833 ms [43.446 ms, 44.219 ms] 6.577 ms (17.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 35.491 ms [35.213 ms, 35.77 ms] -
appsec 48.809 ms [48.384 ms, 49.234 ms] 13.318 ms (37.5%)
code_origins 44.235 ms [43.869 ms, 44.601 ms] 8.744 ms (24.6%)
iast 45.126 ms [44.739 ms, 45.512 ms] 9.634 ms (27.1%)
profiling 49.26 ms [48.76 ms, 49.759 ms] 13.768 ms (38.8%)
tracing 44.181 ms [43.805 ms, 44.557 ms] 8.689 ms (24.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/waf-fix-ssrf-blocking-exception
git_commit_date 1760694165 1760694875
git_commit_sha 664b9a4 fbf00b3
release_version 1.55.0-SNAPSHOT~664b9a412c 1.55.0-SNAPSHOT~fbf00b38b5
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1760696960 1760696960
ci_job_id 1184588061 1184588061
ci_pipeline_id 79605032 79605032
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-kgdijpl3 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-kgdijpl3 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.472 ms) : 1460, 1483
.   : milestone, 1472,
appsec (3.642 ms) : 3428, 3857
.   : milestone, 3642,
iast (2.212 ms) : 2148, 2275
.   : milestone, 2212,
iast_GLOBAL (2.249 ms) : 2185, 2313
.   : milestone, 2249,
profiling (2.053 ms) : 2002, 2105
.   : milestone, 2053,
tracing (2.024 ms) : 1975, 2073
.   : milestone, 2024,
section candidate
no_agent (1.476 ms) : 1464, 1487
.   : milestone, 1476,
appsec (3.719 ms) : 3500, 3937
.   : milestone, 3719,
iast (2.208 ms) : 2144, 2272
.   : milestone, 2208,
iast_GLOBAL (2.254 ms) : 2190, 2318
.   : milestone, 2254,
profiling (2.066 ms) : 2013, 2118
.   : milestone, 2066,
tracing (2.021 ms) : 1972, 2071
.   : milestone, 2021,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.46 ms, 1.483 ms] -
appsec 3.642 ms [3.428 ms, 3.857 ms] 2.171 ms (147.5%)
iast 2.212 ms [2.148 ms, 2.275 ms] 740.104 µs (50.3%)
iast_GLOBAL 2.249 ms [2.185 ms, 2.313 ms] 777.455 µs (52.8%)
profiling 2.053 ms [2.002 ms, 2.105 ms] 581.624 µs (39.5%)
tracing 2.024 ms [1.975 ms, 2.073 ms] 552.232 µs (37.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.487 ms] -
appsec 3.719 ms [3.5 ms, 3.937 ms] 2.243 ms (152.0%)
iast 2.208 ms [2.144 ms, 2.272 ms] 732.285 µs (49.6%)
iast_GLOBAL 2.254 ms [2.19 ms, 2.318 ms] 778.599 µs (52.8%)
profiling 2.066 ms [2.013 ms, 2.118 ms] 589.957 µs (40.0%)
tracing 2.021 ms [1.972 ms, 2.071 ms] 545.244 µs (36.9%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~fbf00b38b5, baseline=1.55.0-SNAPSHOT~664b9a412c
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.588 s) : 15588000, 15588000
.   : milestone, 15588000,
appsec (15.026 s) : 15026000, 15026000
.   : milestone, 15026000,
iast (18.8 s) : 18800000, 18800000
.   : milestone, 18800000,
iast_GLOBAL (18.046 s) : 18046000, 18046000
.   : milestone, 18046000,
profiling (15.407 s) : 15407000, 15407000
.   : milestone, 15407000,
tracing (15.102 s) : 15102000, 15102000
.   : milestone, 15102000,
section candidate
no_agent (15.28 s) : 15280000, 15280000
.   : milestone, 15280000,
appsec (14.897 s) : 14897000, 14897000
.   : milestone, 14897000,
iast (18.54 s) : 18540000, 18540000
.   : milestone, 18540000,
iast_GLOBAL (17.938 s) : 17938000, 17938000
.   : milestone, 17938000,
profiling (15.867 s) : 15867000, 15867000
.   : milestone, 15867000,
tracing (15.197 s) : 15197000, 15197000
.   : milestone, 15197000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.588 s [15.588 s, 15.588 s] -
appsec 15.026 s [15.026 s, 15.026 s] -562.0 ms (-3.6%)
iast 18.8 s [18.8 s, 18.8 s] 3.212 s (20.6%)
iast_GLOBAL 18.046 s [18.046 s, 18.046 s] 2.458 s (15.8%)
profiling 15.407 s [15.407 s, 15.407 s] -181.0 ms (-1.2%)
tracing 15.102 s [15.102 s, 15.102 s] -486.0 ms (-3.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.28 s [15.28 s, 15.28 s] -
appsec 14.897 s [14.897 s, 14.897 s] -383.0 ms (-2.5%)
iast 18.54 s [18.54 s, 18.54 s] 3.26 s (21.3%)
iast_GLOBAL 17.938 s [17.938 s, 17.938 s] 2.658 s (17.4%)
profiling 15.867 s [15.867 s, 15.867 s] 587.0 ms (3.8%)
tracing 15.197 s [15.197 s, 15.197 s] -83.0 ms (-0.5%)

jandro996
jandro996 approved these changes Oct 17, 2025
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit b083d21 into master Oct 17, 2025
542 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/waf-fix-ssrf-blocking-exception branch October 17, 2025 13:16
@github-actions github-actions bot added this to the 1.55.0 milestone Oct 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jandro996 jandro996 jandro996 approved these changes

@robertpi robertpi Awaiting requested review from robertpi robertpi is a code owner automatically assigned from DataDog/asm-java

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) type: bug Bug report and fix

Projects

None yet

Milestone

1.55.0

Development

Successfully merging this pull request may close these issues.

3 participants

@manuel-alvarez-alvarez @jandro996