DataDog / dd-trace-java

Datadog APM client for Java
https://docs.datadoghq.com/tracing/languages/java
Apache License 2.0

Add XSS support for Velocity #7546

Closed Mariovido closed 2 months ago

Mariovido commented 2 months ago

What Does This Do

Adds support for the detection of XSS in the Velocity library

Motivation

Being able to detect XSS in the Velocity library

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-53841

pr-commenter[bot] commented 2 months ago

Benchmarks

Startup

Parameters

| |Baseline|Candidate|
|---|---|---|
|baseline_or_candidate|baseline|candidate|
|git_branch|master|mario.vidal/xss_velocity|
|git_commit_date|1726223410|1726230798|
|git_commit_sha|d2ff624132|d0a640a504|
|release_version|1.40.0-SNAPSHOT~d2ff624132|1.40.0-SNAPSHOT~d0a640a504|

See matching parameters

| |Baseline|Candidate|
|---|---|---|
|application|insecure-bank|insecure-bank|
|ci_job_date|1726233216|1726233216|
|ci_job_id|638637662|638637662|
|ci_pipeline_id|44277094|44277094|
|cpu_model|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|
|module|Agent|Agent|
|parent|None|None|
|variant|iast|iast|

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic

```mermaid
gantt
    title petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.061 s) : 0, 1061397
Total [baseline] (10.379 s) : 0, 10378810
Agent [candidate] (1.072 s) : 0, 1072133
Total [candidate] (10.407 s) : 0, 10407325
section appsec
Agent [baseline] (1.193 s) : 0, 1192720
Total [baseline] (10.573 s) : 0, 10573184
Agent [candidate] (1.197 s) : 0, 1197115
Total [candidate] (10.572 s) : 0, 10571881
section iast
Agent [baseline] (1.187 s) : 0, 1186604
Total [baseline] (10.851 s) : 0, 10851074
Agent [candidate] (1.189 s) : 0, 1188911
Total [candidate] (10.893 s) : 0, 10893342
section profiling
Agent [baseline] (1.267 s) : 0, 1266614
Total [baseline] (10.549 s) : 0, 10549383
Agent [candidate] (1.261 s) : 0, 1261398
Total [candidate] (10.559 s) : 0, 10558893
```

* **baseline** results

|Module|Variant|Duration|Δ tracing|
|---|---|---|---|
|Agent|tracing|1.061 s |-|
|Agent|appsec|1.193 s |131.323 ms (12.4%)|
|Agent|iast|1.187 s |125.207 ms (11.8%)|
|Agent|profiling|1.267 s |205.217 ms (19.3%)|
|Total|tracing|10.379 s |-|
|Total|appsec|10.573 s |194.374 ms (1.9%)|
|Total|iast|10.851 s |472.265 ms (4.6%)|
|Total|profiling|10.549 s |170.573 ms (1.6%)|

* **candidate** results

|Module|Variant|Duration|Δ tracing|
|---|---|---|---|
|Agent|tracing|1.072 s |-|
|Agent|appsec|1.197 s |124.982 ms (11.7%)|
|Agent|iast|1.189 s |116.778 ms (10.9%)|
|Agent|profiling|1.261 s |189.264 ms (17.7%)|
|Total|tracing|10.407 s |-|
|Total|appsec|10.572 s |164.556 ms (1.6%)|
|Total|iast|10.893 s |486.017 ms (4.7%)|
|Total|profiling|10.559 s |151.569 ms (1.5%)|

```mermaid
gantt
    title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (677.763 ms) : 0, 677763
BytebuddyAgent [candidate] (684.231 ms) : 0, 684231
GlobalTracer [baseline] (310.006 ms) : 0, 310006
GlobalTracer [candidate] (313.927 ms) : 0, 313927
AppSec [baseline] (51.861 ms) : 0, 51861
AppSec [candidate] (52.148 ms) : 0, 52148
Remote Config [baseline] (710.38 µs) : 0, 710
Remote Config [candidate] (687.184 µs) : 0, 687
Telemetry [baseline] (7.512 ms) : 0, 7512
Telemetry [candidate] (7.447 ms) : 0, 7447
section appsec
BytebuddyAgent [baseline] (697.433 ms) : 0, 697433
BytebuddyAgent [candidate] (699.012 ms) : 0, 699012
GlobalTracer [baseline] (302.165 ms) : 0, 302165
GlobalTracer [candidate] (303.978 ms) : 0, 303978
AppSec [baseline] (160.239 ms) : 0, 160239
AppSec [candidate] (160.056 ms) : 0, 160056
Remote Config [baseline] (643.0 µs) : 0, 643
Remote Config [candidate] (652.375 µs) : 0, 652
Telemetry [baseline] (7.943 ms) : 0, 7943
Telemetry [candidate] (9.047 ms) : 0, 9047
IAST [baseline] (21.525 ms) : 0, 21525
IAST [candidate] (21.532 ms) : 0, 21532
section iast
BytebuddyAgent [baseline] (789.761 ms) : 0, 789761
BytebuddyAgent [candidate] (791.614 ms) : 0, 791614
GlobalTracer [baseline] (298.676 ms) : 0, 298676
GlobalTracer [candidate] (298.578 ms) : 0, 298578
AppSec [baseline] (53.812 ms) : 0, 53812
AppSec [candidate] (53.152 ms) : 0, 53152
Remote Config [baseline] (645.455 µs) : 0, 645
Remote Config [candidate] (617.156 µs) : 0, 617
Telemetry [baseline] (7.342 ms) : 0, 7342
Telemetry [candidate] (7.399 ms) : 0, 7399
IAST [baseline] (22.807 ms) : 0, 22807
IAST [candidate] (23.952 ms) : 0, 23952
section profiling
ProfilingAgent [baseline] (96.134 ms) : 0, 96134
ProfilingAgent [candidate] (96.803 ms) : 0, 96803
BytebuddyAgent [baseline] (676.722 ms) : 0, 676722
BytebuddyAgent [candidate] (672.801 ms) : 0, 672801
GlobalTracer [baseline] (395.012 ms) : 0, 395012
GlobalTracer [candidate] (393.286 ms) : 0, 393286
AppSec [baseline] (52.416 ms) : 0, 52416
AppSec [candidate] (52.405 ms) : 0, 52405
Remote Config [baseline] (707.318 µs) : 0, 707
Remote Config [candidate] (720.101 µs) : 0, 720
Telemetry [baseline] (7.467 ms) : 0, 7467
Telemetry [candidate] (7.469 ms) : 0, 7469
Profiling [baseline] (96.157 ms) : 0, 96157
Profiling [candidate] (96.827 ms) : 0, 96827
```

Startup time reports for insecure-bank

```mermaid
gantt
    title insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.064 s) : 0, 1064442
Total [baseline] (8.526 s) : 0, 8526466
Agent [candidate] (1.064 s) : 0, 1064067
Total [candidate] (8.512 s) : 0, 8512048
section iast
Agent [baseline] (1.188 s) : 0, 1187550
Total [baseline] (9.041 s) : 0, 9041381
Agent [candidate] (1.188 s) : 0, 1188477
Total [candidate] (8.957 s) : 0, 8957200
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.187 s) : 0, 1187196
Total [baseline] (8.945 s) : 0, 8944642
Agent [candidate] (1.205 s) : 0, 1204944
Total [candidate] (8.999 s) : 0, 8999431
section iast_TELEMETRY_OFF
Agent [baseline] (1.192 s) : 0, 1192209
Total [baseline] (8.963 s) : 0, 8963164
Agent [candidate] (1.187 s) : 0, 1186584
Total [candidate] (9.004 s) : 0, 9004372
```

* **baseline** results

|Module|Variant|Duration|Δ tracing|
|---|---|---|---|
|Agent|tracing|1.064 s |-|
|Agent|iast|1.188 s |123.108 ms (11.6%)|
|Agent|iast_HARDCODED_SECRET_DISABLED|1.187 s |122.754 ms (11.5%)|
|Agent|iast_TELEMETRY_OFF|1.192 s |127.768 ms (12.0%)|
|Total|tracing|8.526 s |-|
|Total|iast|9.041 s |514.915 ms (6.0%)|
|Total|iast_HARDCODED_SECRET_DISABLED|8.945 s |418.175 ms (4.9%)|
|Total|iast_TELEMETRY_OFF|8.963 s |436.698 ms (5.1%)|

* **candidate** results

|Module|Variant|Duration|Δ tracing|
|---|---|---|---|
|Agent|tracing|1.064 s |-|
|Agent|iast|1.188 s |124.41 ms (11.7%)|
|Agent|iast_HARDCODED_SECRET_DISABLED|1.205 s |140.877 ms (13.2%)|
|Agent|iast_TELEMETRY_OFF|1.187 s |122.517 ms (11.5%)|
|Total|tracing|8.512 s |-|
|Total|iast|8.957 s |445.152 ms (5.2%)|
|Total|iast_HARDCODED_SECRET_DISABLED|8.999 s |487.383 ms (5.7%)|
|Total|iast_TELEMETRY_OFF|9.004 s |492.323 ms (5.8%)|

```mermaid
gantt
    title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (678.163 ms) : 0, 678163
BytebuddyAgent [candidate] (679.516 ms) : 0, 679516
GlobalTracer [baseline] (312.304 ms) : 0, 312304
GlobalTracer [candidate] (310.933 ms) : 0, 310933
AppSec [baseline] (52.154 ms) : 0, 52154
AppSec [candidate] (51.796 ms) : 0, 51796
Remote Config [baseline] (719.957 µs) : 0, 720
Remote Config [candidate] (713.038 µs) : 0, 713
Telemetry [baseline] (7.544 ms) : 0, 7544
Telemetry [candidate] (7.512 ms) : 0, 7512
section iast
BytebuddyAgent [baseline] (791.336 ms) : 0, 791336
BytebuddyAgent [candidate] (791.72 ms) : 0, 791720
GlobalTracer [baseline] (299.244 ms) : 0, 299244
GlobalTracer [candidate] (298.5 ms) : 0, 298500
AppSec [baseline] (53.565 ms) : 0, 53565
AppSec [candidate] (53.856 ms) : 0, 53856
IAST [baseline] (21.742 ms) : 0, 21742
IAST [candidate] (22.693 ms) : 0, 22693
Remote Config [baseline] (635.937 µs) : 0, 636
Remote Config [candidate] (708.293 µs) : 0, 708
Telemetry [baseline] (7.419 ms) : 0, 7419
Telemetry [candidate] (7.352 ms) : 0, 7352
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (790.203 ms) : 0, 790203
BytebuddyAgent [candidate] (803.695 ms) : 0, 803695
GlobalTracer [baseline] (298.776 ms) : 0, 298776
GlobalTracer [candidate] (302.639 ms) : 0, 302639
AppSec [baseline] (54.187 ms) : 0, 54187
AppSec [candidate] (52.266 ms) : 0, 52266
IAST [baseline] (21.712 ms) : 0, 21712
IAST [candidate] (24.62 ms) : 0, 24620
Remote Config [baseline] (601.345 µs) : 0, 601
Remote Config [candidate] (636.761 µs) : 0, 637
Telemetry [baseline] (8.11 ms) : 0, 8110
Telemetry [candidate] (7.395 ms) : 0, 7395
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (792.324 ms) : 0, 792324
BytebuddyAgent [candidate] (788.594 ms) : 0, 788594
GlobalTracer [baseline] (300.993 ms) : 0, 300993
GlobalTracer [candidate] (299.394 ms) : 0, 299394
AppSec [baseline] (52.176 ms) : 0, 52176
AppSec [candidate] (51.922 ms) : 0, 51922
IAST [baseline] (25.109 ms) : 0, 25109
IAST [candidate] (25.085 ms) : 0, 25085
Remote Config [baseline] (603.055 µs) : 0, 603
Remote Config [candidate] (613.186 µs) : 0, 613
Telemetry [baseline] (7.3 ms) : 0, 7300
Telemetry [candidate] (7.321 ms) : 0, 7321
```

Load

Parameters

| |Baseline|Candidate|
|---|---|---|
|baseline_or_candidate|baseline|candidate|
|end_time|2024-09-13T12:44:16|2024-09-13T12:51:05|
|git_branch|master|mario.vidal/xss_velocity|
|git_commit_date|1726223410|1726230798|
|git_commit_sha|d2ff624132|d0a640a504|
|release_version|1.40.0-SNAPSHOT~d2ff624132|1.40.0-SNAPSHOT~d0a640a504|
|start_time|2024-09-13T12:44:03|2024-09-13T12:50:52|

See matching parameters

| |Baseline|Candidate|
|---|---|---|
|application|insecure-bank|insecure-bank|
|ci_job_date|1726232210|1726232210|
|ci_job_id|638637663|638637663|
|ci_pipeline_id|44277094|44277094|
|cpu_model|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|
|variant|iast|iast|

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.

Request duration reports for petclinic

```mermaid
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.352 ms) : 1333, 1372
. : milestone, 1352,
appsec (1.724 ms) : 1701, 1748
. : milestone, 1724,
appsec_no_iast (1.744 ms) : 1720, 1769
. : milestone, 1744,
iast (1.456 ms) : 1434, 1479
. : milestone, 1456,
profiling (1.485 ms) : 1461, 1510
. : milestone, 1485,
tracing (1.458 ms) : 1434, 1482
. : milestone, 1458,
section candidate
no_agent (1.329 ms) : 1309, 1349
. : milestone, 1329,
appsec (1.707 ms) : 1684, 1731
. : milestone, 1707,
appsec_no_iast (1.717 ms) : 1690, 1744
. : milestone, 1717,
iast (1.466 ms) : 1443, 1490
. : milestone, 1466,
profiling (1.478 ms) : 1455, 1501
. : milestone, 1478,
tracing (1.469 ms) : 1445, 1492
. : milestone, 1469,
```

* **baseline** results

|Variant|Request duration [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|1.352 ms [1.333 ms, 1.372 ms]|-|
|appsec|1.724 ms [1.701 ms, 1.748 ms]|372.001 µs (27.5%)|
|appsec_no_iast|1.744 ms [1.72 ms, 1.769 ms]|391.713 µs (29.0%)|
|iast|1.456 ms [1.434 ms, 1.479 ms]|103.842 µs (7.7%)|
|profiling|1.485 ms [1.461 ms, 1.51 ms]|132.671 µs (9.8%)|
|tracing|1.458 ms [1.434 ms, 1.482 ms]|105.467 µs (7.8%)|

* **candidate** results

|Variant|Request duration [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|1.329 ms [1.309 ms, 1.349 ms]|-|
|appsec|1.707 ms [1.684 ms, 1.731 ms]|378.278 µs (28.5%)|
|appsec_no_iast|1.717 ms [1.69 ms, 1.744 ms]|387.696 µs (29.2%)|
|iast|1.466 ms [1.443 ms, 1.49 ms]|137.288 µs (10.3%)|
|profiling|1.478 ms [1.455 ms, 1.501 ms]|148.716 µs (11.2%)|
|tracing|1.469 ms [1.445 ms, 1.492 ms]|139.401 µs (10.5%)|

Request duration reports for insecure-bank

```mermaid
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section baseline
no_agent (366.271 µs) : 347, 386
. : milestone, 366,
iast (481.793 µs) : 460, 504
. : milestone, 482,
iast_FULL (553.46 µs) : 532, 575
. : milestone, 553,
iast_GLOBAL (502.466 µs) : 481, 524
. : milestone, 502,
iast_HARDCODED_SECRET_DISABLED (481.225 µs) : 460, 503
. : milestone, 481,
iast_INACTIVE (447.799 µs) : 427, 469
. : milestone, 448,
iast_TELEMETRY_OFF (476.339 µs) : 453, 499
. : milestone, 476,
tracing (431.113 µs) : 411, 451
. : milestone, 431,
section candidate
no_agent (372.49 µs) : 353, 392
. : milestone, 372,
iast (478.994 µs) : 458, 500
. : milestone, 479,
iast_FULL (546.568 µs) : 525, 568
. : milestone, 547,
iast_GLOBAL (508.997 µs) : 486, 532
. : milestone, 509,
iast_HARDCODED_SECRET_DISABLED (480.791 µs) : 460, 502
. : milestone, 481,
iast_INACTIVE (454.429 µs) : 433, 476
. : milestone, 454,
iast_TELEMETRY_OFF (478.227 µs) : 455, 501
. : milestone, 478,
tracing (440.249 µs) : 419, 461
. : milestone, 440,
```

* **baseline** results

|Variant|Request duration [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|366.271 µs [346.945 µs, 385.596 µs]|-|
|iast|481.793 µs [459.706 µs, 503.88 µs]|115.523 µs (31.5%)|
|iast_FULL|553.46 µs [532.202 µs, 574.718 µs]|187.19 µs (51.1%)|
|iast_GLOBAL|502.466 µs [480.738 µs, 524.194 µs]|136.195 µs (37.2%)|
|iast_HARDCODED_SECRET_DISABLED|481.225 µs [459.551 µs, 502.899 µs]|114.954 µs (31.4%)|
|iast_INACTIVE|447.799 µs [426.86 µs, 468.737 µs]|81.528 µs (22.3%)|
|iast_TELEMETRY_OFF|476.339 µs [453.332 µs, 499.345 µs]|110.068 µs (30.1%)|
|tracing|431.113 µs [411.217 µs, 451.008 µs]|64.842 µs (17.7%)|

* **candidate** results

|Variant|Request duration [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|372.49 µs [352.98 µs, 391.999 µs]|-|
|iast|478.994 µs [457.949 µs, 500.039 µs]|106.504 µs (28.6%)|
|iast_FULL|546.568 µs [525.39 µs, 567.746 µs]|174.078 µs (46.7%)|
|iast_GLOBAL|508.997 µs [486.0 µs, 531.993 µs]|136.507 µs (36.6%)|
|iast_HARDCODED_SECRET_DISABLED|480.791 µs [459.821 µs, 501.762 µs]|108.302 µs (29.1%)|
|iast_INACTIVE|454.429 µs [433.082 µs, 475.776 µs]|81.939 µs (22.0%)|
|iast_TELEMETRY_OFF|478.227 µs [455.073 µs, 501.382 µs]|105.738 µs (28.4%)|
|tracing|440.249 µs [419.332 µs, 461.166 µs]|67.759 µs (18.2%)|

Dacapo

Parameters

| |Baseline|Candidate|
|---|---|---|
|baseline_or_candidate|baseline|candidate|
|git_branch|master|mario.vidal/xss_velocity|
|git_commit_date|1726223410|1726230798|
|git_commit_sha|d2ff624132|d0a640a504|
|release_version|1.40.0-SNAPSHOT~d2ff624132|1.40.0-SNAPSHOT~d0a640a504|

See matching parameters

| |Baseline|Candidate|
|---|---|---|
|application|biojava|biojava|
|ci_job_date|1726232876|1726232876|
|ci_job_id|638637664|638637664|
|ci_pipeline_id|44277094|44277094|
|cpu_model|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|
|variant|appsec|appsec|

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat

```mermaid
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.464 ms) : 1453, 1476
. : milestone, 1464,
appsec (2.289 ms) : 2249, 2330
. : milestone, 2289,
iast (2.057 ms) : 2007, 2107
. : milestone, 2057,
iast_GLOBAL (2.107 ms) : 2056, 2158
. : milestone, 2107,
profiling (1.929 ms) : 1889, 1970
. : milestone, 1929,
tracing (1.902 ms) : 1863, 1940
. : milestone, 1902,
section candidate
no_agent (1.466 ms) : 1455, 1478
. : milestone, 1466,
appsec (2.303 ms) : 2262, 2344
. : milestone, 2303,
iast (2.034 ms) : 1986, 2082
. : milestone, 2034,
iast_GLOBAL (2.093 ms) : 2042, 2144
. : milestone, 2093,
profiling (1.928 ms) : 1887, 1970
. : milestone, 1928,
tracing (1.899 ms) : 1861, 1938
. : milestone, 1899,
```

* **baseline** results

|Variant|Execution Time [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|1.464 ms [1.453 ms, 1.476 ms]|-|
|appsec|2.289 ms [2.249 ms, 2.33 ms]|824.733 µs (56.3%)|
|iast|2.057 ms [2.007 ms, 2.107 ms]|592.675 µs (40.5%)|
|iast_GLOBAL|2.107 ms [2.056 ms, 2.158 ms]|642.306 µs (43.9%)|
|profiling|1.929 ms [1.889 ms, 1.97 ms]|464.752 µs (31.7%)|
|tracing|1.902 ms [1.863 ms, 1.94 ms]|437.224 µs (29.9%)|

* **candidate** results

|Variant|Execution Time [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|1.466 ms [1.455 ms, 1.478 ms]|-|
|appsec|2.303 ms [2.262 ms, 2.344 ms]|836.763 µs (57.1%)|
|iast|2.034 ms [1.986 ms, 2.082 ms]|568.183 µs (38.8%)|
|iast_GLOBAL|2.093 ms [2.042 ms, 2.144 ms]|626.896 µs (42.8%)|
|profiling|1.928 ms [1.887 ms, 1.97 ms]|462.335 µs (31.5%)|
|tracing|1.899 ms [1.861 ms, 1.938 ms]|433.336 µs (29.6%)|

Execution time for biojava

```mermaid
gantt
    title biojava - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~d0a640a504, baseline=1.40.0-SNAPSHOT~d2ff624132
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.079 s) : 15079000, 15079000
. : milestone, 15079000,
appsec (15.27 s) : 15270000, 15270000
. : milestone, 15270000,
iast (19.228 s) : 19228000, 19228000
. : milestone, 19228000,
iast_GLOBAL (18.028 s) : 18028000, 18028000
. : milestone, 18028000,
profiling (15.252 s) : 15252000, 15252000
. : milestone, 15252000,
tracing (15.181 s) : 15181000, 15181000
. : milestone, 15181000,
section candidate
no_agent (15.071 s) : 15071000, 15071000
. : milestone, 15071000,
appsec (15.036 s) : 15036000, 15036000
. : milestone, 15036000,
iast (19.166 s) : 19166000, 19166000
. : milestone, 19166000,
iast_GLOBAL (18.445 s) : 18445000, 18445000
. : milestone, 18445000,
profiling (15.663 s) : 15663000, 15663000
. : milestone, 15663000,
tracing (15.121 s) : 15121000, 15121000
. : milestone, 15121000,
```

* **baseline** results

|Variant|Execution Time [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|15.079 s [15.079 s, 15.079 s]|-|
|appsec|15.27 s [15.27 s, 15.27 s]|191.0 ms (1.3%)|
|iast|19.228 s [19.228 s, 19.228 s]|4.149 s (27.5%)|
|iast_GLOBAL|18.028 s [18.028 s, 18.028 s]|2.949 s (19.6%)|
|profiling|15.252 s [15.252 s, 15.252 s]|173.0 ms (1.1%)|
|tracing|15.181 s [15.181 s, 15.181 s]|102.0 ms (0.7%)|

* **candidate** results

|Variant|Execution Time [CI 0.99]|Δ no_agent|
|---|---|---|
|no_agent|15.071 s [15.071 s, 15.071 s]|-|
|appsec|15.036 s [15.036 s, 15.036 s]|-35.0 ms (-0.2%)|
|iast|19.166 s [19.166 s, 19.166 s]|4.095 s (27.2%)|
|iast_GLOBAL|18.445 s [18.445 s, 18.445 s]|3.374 s (22.4%)|
|profiling|15.663 s [15.663 s, 15.663 s]|592.0 ms (3.9%)|
|tracing|15.121 s [15.121 s, 15.121 s]|50.0 ms (0.3%)|