@jandro996 jandro996 commented Sep 25, 2025

What Does This Do

  • Skip publishing the requestBodyProcessed AppSec event when Spring’s HttpMessageConverters return raw payloads so only structured converters feed the parsed-body channel.

  • Add focused instrumentation tests proving that raw converters no longer publish parsed bodies while form conversion still does.

  • Extend the AppSec smoke test and controller with a custom rule and string-body endpoint to confirm the StringHttpMessageConverter path now completes without triggering the parsed-body WAF rule.

Motivation

Avoid false positives in WAF rules related to structured body processed like in escalation https://datadoghq.atlassian.net/browse/SCRS-1682

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-59183

@jandro996 jandro996 added the tag: do not merge Do not merge changes label Sep 25, 2025
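
The guard described in the PR summary, as an added Java sketch that is not the tracer's own code: `isStructuredBody`, `afterConverterRead`, the toy rule and the marker string are hypothetical, and the sample converter results are constructed. It shows a raw string body tripping a parsed-body rule when every converter result is published, and no longer doing so once raw results are skipped.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;

// Added illustration: every class, method and value here is hypothetical;
// none of it is the tracer's instrumentation or the WAF's API.
public class ParsedBodyGuardDemo {

  // Raw converter results were never parsed into fields, so they are not
  // "parsed body" content. Covers the two raw types named in the PR.
  static boolean isStructuredBody(Object converted) {
    if (converted == null) return false;
    if (converted instanceof CharSequence) return false; // e.g. StringHttpMessageConverter
    if (converted instanceof byte[]) return false;       // raw bytes
    return true;                                         // maps, lists, bound objects
  }

  // Stand-in for the hook that runs after an HttpMessageConverter returns.
  static void afterConverterRead(
      Object converted, boolean guarded, Consumer<Object> parsedBodyChannel) {
    if (guarded && !isStructuredBody(converted)) {
      return; // raw payload: do not publish it as a parsed body
    }
    parsedBodyChannel.accept(converted);
  }

  // Toy parsed-body rule: fires when any leaf value contains the marker.
  static boolean toyRuleMatches(Object body, String marker) {
    if (body instanceof Map) {
      for (Object v : ((Map<?, ?>) body).values()) {
        if (toyRuleMatches(v, marker)) return true;
      }
      return false;
    }
    if (body instanceof Iterable) {
      for (Object v : (Iterable<?>) body) {
        if (toyRuleMatches(v, marker)) return true;
      }
      return false;
    }
    return String.valueOf(body).contains(marker);
  }

  // Publishes each converter result, then counts how many trip the toy rule.
  static int countRuleHits(List<Object> converterResults, boolean guarded) {
    List<Object> published = new ArrayList<>();
    for (Object result : converterResults) {
      afterConverterRead(result, guarded, published::add);
    }
    int hits = 0;
    for (Object body : published) {
      if (toyRuleMatches(body, "custom-rule-marker")) hits++;
    }
    return hits;
  }

  public static void main(String[] args) {
    // Constructed inputs: a text/plain body, raw bytes, and a decoded form.
    Map<String, Object> form = new LinkedHashMap<>();
    form.put("comment", Collections.singletonList("custom-rule-marker"));
    List<Object> results = new ArrayList<>();
    results.add("free text that happens to mention custom-rule-marker");
    results.add(new byte[] {0x01, 0x02});
    results.add(form);

    System.out.println("hits when everything is published: " + countRuleHits(results, false));
    System.out.println("hits with the raw-type guard:      " + countRuleHits(results, true));
  }
}
```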

datadog-official bot commented Sep 25, 2025

🎯 Code Coverage
Patch Coverage: 100.00%
Total Coverage: 57.79% (-0.05%)

🔗 Commit SHA: f3788e7


pr-commenter bot commented Sep 25, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/SCRS-1682
git_commit_date 1758874940 1758882944
git_commit_sha 8f47b66 f3788e7
release_version 1.54.0-SNAPSHOT~8f47b665c4 1.54.0-SNAPSHOT~f3788e7232
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1758884755 1758884755
ci_job_id 1149442325 1149442325
ci_pipeline_id 77632928 77632928
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-82209i9u 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-82209i9u 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 5 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.015 s -
Agent iast 1.154 s 139.217 ms (13.7%)
Total tracing 8.641 s -
Total iast 9.324 s 682.258 ms (7.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.005 s -
Agent iast 1.143 s 137.314 ms (13.7%)
Total tracing 8.66 s -
Total iast 9.259 s 599.202 ms (6.9%)
gantt
    title insecure-bank - break down per module: candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.464 ms) : 0, 1464
crashtracking [candidate] (1.456 ms) : 0, 1456
BytebuddyAgent [baseline] (689.78 ms) : 0, 689780
BytebuddyAgent [candidate] (688.174 ms) : 0, 688174
GlobalTracer [baseline] (243.106 ms) : 0, 243106
GlobalTracer [candidate] (247.816 ms) : 0, 247816
AppSec [baseline] (31.33 ms) : 0, 31330
AppSec [candidate] (31.035 ms) : 0, 31035
Debugger [baseline] (6.368 ms) : 0, 6368
Debugger [candidate] (6.364 ms) : 0, 6364
Remote Config [baseline] (680.406 µs) : 0, 680
Remote Config [candidate] (672.444 µs) : 0, 672
Telemetry [baseline] (9.092 ms) : 0, 9092
Telemetry [candidate] (8.995 ms) : 0, 8995
Flare Poller [baseline] (11.787 ms) : 0, 11787
section iast
crashtracking [baseline] (1.482 ms) : 0, 1482
crashtracking [candidate] (1.457 ms) : 0, 1457
BytebuddyAgent [baseline] (818.578 ms) : 0, 818578
BytebuddyAgent [candidate] (808.257 ms) : 0, 808257
GlobalTracer [baseline] (233.317 ms) : 0, 233317
GlobalTracer [candidate] (236.773 ms) : 0, 236773
IAST [baseline] (27.35 ms) : 0, 27350
IAST [candidate] (26.232 ms) : 0, 26232
AppSec [baseline] (32.884 ms) : 0, 32884
AppSec [candidate] (33.812 ms) : 0, 33812
Debugger [baseline] (6.048 ms) : 0, 6048
Debugger [candidate] (6.045 ms) : 0, 6045
Remote Config [baseline] (576.197 µs) : 0, 576
Remote Config [candidate] (592.546 µs) : 0, 593
Telemetry [baseline] (8.042 ms) : 0, 8042
Telemetry [candidate] (8.357 ms) : 0, 8357
Flare Poller [baseline] (4.221 ms) : 0, 4221
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.01 s -
Agent appsec 1.189 s 179.059 ms (17.7%)
Agent iast 1.157 s 146.348 ms (14.5%)
Agent profiling 1.149 s 138.423 ms (13.7%)
Total tracing 10.655 s -
Total appsec 11.004 s 349.337 ms (3.3%)
Total iast 11.066 s 411.424 ms (3.9%)
Total profiling 11.036 s 380.843 ms (3.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.005 s -
Agent appsec 1.187 s 182.399 ms (18.2%)
Agent iast 1.152 s 147.363 ms (14.7%)
Agent profiling 1.155 s 150.215 ms (15.0%)
Total tracing 10.681 s -
Total appsec 11.046 s 364.554 ms (3.4%)
Total iast 10.949 s 268.525 ms (2.5%)
Total profiling 11.0 s 319.37 ms (3.0%)
gantt
    title petclinic - break down per module: candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.446 ms) : 0, 1446
crashtracking [candidate] (1.447 ms) : 0, 1447
BytebuddyAgent [baseline] (688.283 ms) : 0, 688283
BytebuddyAgent [candidate] (687.945 ms) : 0, 687945
GlobalTracer [baseline] (242.92 ms) : 0, 242920
GlobalTracer [candidate] (247.166 ms) : 0, 247166
AppSec [baseline] (31.26 ms) : 0, 31260
AppSec [candidate] (30.886 ms) : 0, 30886
Debugger [baseline] (6.36 ms) : 0, 6360
Debugger [candidate] (6.356 ms) : 0, 6356
Remote Config [baseline] (665.942 µs) : 0, 666
Remote Config [candidate] (669.485 µs) : 0, 669
Telemetry [baseline] (9.121 ms) : 0, 9121
Telemetry [candidate] (8.964 ms) : 0, 8964
Flare Poller [baseline] (9.14 ms) : 0, 9140
section appsec
crashtracking [baseline] (1.455 ms) : 0, 1455
crashtracking [candidate] (1.45 ms) : 0, 1450
BytebuddyAgent [baseline] (714.422 ms) : 0, 714422
BytebuddyAgent [candidate] (712.62 ms) : 0, 712620
GlobalTracer [baseline] (235.575 ms) : 0, 235575
GlobalTracer [candidate] (240.013 ms) : 0, 240013
IAST [baseline] (24.735 ms) : 0, 24735
IAST [candidate] (24.607 ms) : 0, 24607
AppSec [baseline] (170.7 ms) : 0, 170700
AppSec [candidate] (172.152 ms) : 0, 172152
Debugger [baseline] (6.088 ms) : 0, 6088
Debugger [candidate] (5.964 ms) : 0, 5964
Remote Config [baseline] (652.68 µs) : 0, 653
Remote Config [candidate] (637.795 µs) : 0, 638
Telemetry [baseline] (8.309 ms) : 0, 8309
Telemetry [candidate] (8.409 ms) : 0, 8409
Flare Poller [baseline] (6.383 ms) : 0, 6383
section iast
crashtracking [baseline] (1.464 ms) : 0, 1464
crashtracking [candidate] (1.466 ms) : 0, 1466
BytebuddyAgent [baseline] (817.742 ms) : 0, 817742
BytebuddyAgent [candidate] (814.947 ms) : 0, 814947
GlobalTracer [baseline] (235.639 ms) : 0, 235639
GlobalTracer [candidate] (238.297 ms) : 0, 238297
IAST [baseline] (26.937 ms) : 0, 26937
IAST [candidate] (26.39 ms) : 0, 26390
AppSec [baseline] (34.151 ms) : 0, 34151
AppSec [candidate] (34.266 ms) : 0, 34266
Debugger [baseline] (6.103 ms) : 0, 6103
Debugger [candidate] (6.088 ms) : 0, 6088
Remote Config [baseline] (603.036 µs) : 0, 603
Remote Config [candidate] (584.494 µs) : 0, 584
Telemetry [baseline] (8.309 ms) : 0, 8309
Telemetry [candidate] (8.446 ms) : 0, 8446
Flare Poller [baseline] (4.319 ms) : 0, 4319
section profiling
crashtracking [baseline] (1.424 ms) : 0, 1424
crashtracking [candidate] (1.454 ms) : 0, 1454
BytebuddyAgent [baseline] (716.839 ms) : 0, 716839
BytebuddyAgent [candidate] (722.406 ms) : 0, 722406
GlobalTracer [baseline] (218.452 ms) : 0, 218452
GlobalTracer [candidate] (222.963 ms) : 0, 222963
AppSec [baseline] (31.229 ms) : 0, 31229
AppSec [candidate] (31.124 ms) : 0, 31124
Debugger [baseline] (6.488 ms) : 0, 6488
Debugger [candidate] (7.233 ms) : 0, 7233
Remote Config [baseline] (724.923 µs) : 0, 725
Remote Config [candidate] (699.752 µs) : 0, 700
Telemetry [baseline] (16.47 ms) : 0, 16470
Telemetry [candidate] (14.44 ms) : 0, 14440
Flare Poller [baseline] (4.15 ms) : 0, 4150
ProfilingAgent [baseline] (100.858 ms) : 0, 100858
ProfilingAgent [candidate] (101.339 ms) : 0, 101339
Profiling [baseline] (101.428 ms) : 0, 101428
Profiling [candidate] (102.591 ms) : 0, 102591

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/SCRS-1682
git_commit_date 1758874940 1758882944
git_commit_sha 8f47b66 f3788e7
release_version 1.54.0-SNAPSHOT~8f47b665c4 1.54.0-SNAPSHOT~f3788e7232
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1758884418 1758884418
ci_job_id 1149442326 1149442326
ci_pipeline_id 77632928 77632928
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-79p4kx27 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-79p4kx27 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 2 performance regressions! Performance is the same for 6 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:profiling:high_load | better [-774.580µs; -438.624µs] or [-8.271%; -4.684%] | unstable [-34.290op/s; +101.977op/s] or [-6.918%; +20.574%] | 8.758ms | 529.500op/s | 9.365ms | 495.656op/s |
| scenario:load:insecure-bank:iast_FULL:high_load | better [-1044.340µs; -441.986µs] or [-7.105%; -3.007%] | unstable [-18.532op/s; +52.094op/s] or [-5.845%; +16.430%] | 13.956ms | 333.844op/s | 14.699ms | 317.062op/s |
| scenario:load:insecure-bank:no_agent:high_load | better [-204.536µs; -99.223µs] or [-4.636%; -2.249%] | unstable [-80.093op/s; +152.280op/s] or [-7.697%; +14.634%] | 4.260ms | 1076.719op/s | 4.412ms | 1040.625op/s |
| scenario:load:petclinic:tracing:high_load | worse [+2.687ms; +3.488ms] or [+6.412%; +8.324%] | unstable [-15.596op/s; +0.346op/s] or [-13.972%; +0.310%] | 44.985ms | 104.000op/s | 41.898ms | 111.625op/s |
| scenario:load:petclinic:no_agent:high_load | worse [+1.592ms; +2.248ms] or [+4.314%; +6.090%] | unstable [-14.791op/s; +2.491op/s] or [-11.680%; +1.967%] | 38.830ms | 120.487op/s | 36.910ms | 126.638op/s |
| scenario:load:petclinic:profiling:high_load | better [-2.506ms; -1.455ms] or [-5.079%; -2.949%] | unstable [-3.239op/s; +11.189op/s] or [-3.415%; +11.795%] | 47.351ms | 98.838op/s | 49.331ms | 94.862op/s |
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.91 ms [36.622 ms, 37.198 ms] -
appsec 47.712 ms [47.299 ms, 48.125 ms] 10.802 ms (29.3%)
code_origins 44.423 ms [44.04 ms, 44.806 ms] 7.513 ms (20.4%)
iast 45.386 ms [45.016 ms, 45.755 ms] 8.476 ms (23.0%)
profiling 49.331 ms [48.812 ms, 49.851 ms] 12.421 ms (33.7%)
tracing 41.898 ms [41.546 ms, 42.25 ms] 4.988 ms (13.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.83 ms [38.509 ms, 39.15 ms] -
appsec 47.697 ms [47.253 ms, 48.14 ms] 8.867 ms (22.8%)
code_origins 44.139 ms [43.755 ms, 44.524 ms] 5.309 ms (13.7%)
iast 44.706 ms [44.327 ms, 45.084 ms] 5.876 ms (15.1%)
profiling 47.351 ms [46.896 ms, 47.806 ms] 8.521 ms (21.9%)
tracing 44.985 ms [44.593 ms, 45.377 ms] 6.155 ms (15.9%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.412 ms [4.362 ms, 4.461 ms] -
iast 9.561 ms [9.397 ms, 9.726 ms] 5.15 ms (116.7%)
iast_FULL 14.699 ms [14.412 ms, 14.987 ms] 10.288 ms (233.2%)
iast_GLOBAL 10.887 ms [10.69 ms, 11.084 ms] 6.475 ms (146.8%)
profiling 9.365 ms [9.202 ms, 9.527 ms] 4.953 ms (112.3%)
tracing 7.957 ms [7.829 ms, 8.084 ms] 3.545 ms (80.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.26 ms [4.212 ms, 4.308 ms] -
iast 9.637 ms [9.478 ms, 9.797 ms] 5.378 ms (126.2%)
iast_FULL 13.956 ms [13.684 ms, 14.229 ms] 9.697 ms (227.6%)
iast_GLOBAL 10.99 ms [10.794 ms, 11.186 ms] 6.731 ms (158.0%)
profiling 8.758 ms [8.609 ms, 8.907 ms] 4.498 ms (105.6%)
tracing 7.952 ms [7.83 ms, 8.075 ms] 3.693 ms (86.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/SCRS-1682
git_commit_date 1758874940 1758882944
git_commit_sha 8f47b66 f3788e7
release_version 1.54.0-SNAPSHOT~8f47b665c4 1.54.0-SNAPSHOT~f3788e7232
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1758884938 1758884938
ci_job_id 1149442327 1149442327
ci_pipeline_id 77632928 77632928
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-dbqxewn3 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-dbqxewn3 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.858 s [14.858 s, 14.858 s] -
appsec 14.935 s [14.935 s, 14.935 s] 77.0 ms (0.5%)
iast 18.436 s [18.436 s, 18.436 s] 3.578 s (24.1%)
iast_GLOBAL 17.783 s [17.783 s, 17.783 s] 2.925 s (19.7%)
profiling 15.778 s [15.778 s, 15.778 s] 920.0 ms (6.2%)
tracing 15.125 s [15.125 s, 15.125 s] 267.0 ms (1.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.947 s [14.947 s, 14.947 s] -
appsec 15.364 s [15.364 s, 15.364 s] 417.0 ms (2.8%)
iast 18.255 s [18.255 s, 18.255 s] 3.308 s (22.1%)
iast_GLOBAL 18.1 s [18.1 s, 18.1 s] 3.153 s (21.1%)
profiling 15.211 s [15.211 s, 15.211 s] 264.0 ms (1.8%)
tracing 15.153 s [15.153 s, 15.153 s] 206.0 ms (1.4%)
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.54.0-SNAPSHOT~f3788e7232, baseline=1.54.0-SNAPSHOT~8f47b665c4; the same values are listed in the results below]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.487 ms] -
appsec 2.511 ms [2.458 ms, 2.564 ms] 1.035 ms (70.1%)
iast 2.193 ms [2.131 ms, 2.256 ms] 717.578 µs (48.6%)
iast_GLOBAL 2.238 ms [2.176 ms, 2.301 ms] 762.374 µs (51.7%)
profiling 2.038 ms [1.988 ms, 2.088 ms] 562.134 µs (38.1%)
tracing 2.02 ms [1.971 ms, 2.068 ms] 543.852 µs (36.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.48 ms [1.469 ms, 1.492 ms] -
appsec 3.713 ms [3.496 ms, 3.929 ms] 2.232 ms (150.8%)
iast 2.192 ms [2.129 ms, 2.254 ms] 711.347 µs (48.1%)
iast_GLOBAL 2.242 ms [2.179 ms, 2.305 ms] 761.353 µs (51.4%)
profiling 2.04 ms [1.99 ms, 2.09 ms] 559.934 µs (37.8%)
tracing 2.007 ms [1.959 ms, 2.055 ms] 526.741 µs (35.6%)

@jandro996 jandro996 changed the title WIP Guard parsed-body instrumentation from raw Spring HttpMessageConverters Sep 26, 2025
@jandro996 jandro996 added type: enhancement Enhancements and improvements and removed tag: do not merge Do not merge changes labels Sep 26, 2025
return;
}

// CharSequence or byte[] cannot be treated as parsed body content, as they may lead to false
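
Review bot: The comment after the early return names only CharSequence and byte[] as values that cannot be treated as parsed body content, so a reader cannot tell whether other unparsed result types were considered and left out on purpose. Say in the comment that the exclusion is deliberately limited to these two types, or list the other types that were checked, so a later omission is distinguishable from a decision.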


I'd rather drop a TODO here saying that those are candidates for being deserialized before being set to the WAF once we implement that feature.


Maybe it's useful also to try to list all possible types that this method receives, in case we need to add others for the block list.

Member Author


Thanks for the advice Manu, I improved the comment

@jandro996 jandro996 marked this pull request as ready for review September 26, 2025 10:36
@jandro996 jandro996 requested review from a team as code owners September 26, 2025 10:36
Contributor

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@jandro996 jandro996 added the comp: asm waf Application Security Management (WAF) label Sep 26, 2025
@jandro996 jandro996 added this to the 1.54.0 milestone Sep 26, 2025
@jandro996 jandro996 merged commit 4cf7670 into master Sep 26, 2025
544 of 545 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/SCRS-1682 branch September 26, 2025 12:27
Labels
comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements
2 participants