Add support for session fingerprints to the WAF

[manuel-alvarez-alvarez]

What Does This Do

Add support for tracking the requested session ids for those frameworks supporting sessions. It also adds required WAF with the session ids to be able to generate session fingerprints.

Motivation

Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user.

Additional Notes

See original RFC

Contributor Checklist

• [ x Format the title according the contribution guidelines
• [x] Assign the type: and (comp: or inst:) labels in addition to any usefull labels
• [x] Squash your commits prior merging or merge using GitHub's Squash and merge
• [x] Don't use close, fix or any linking keywords when referencing an issue.
  Use solves instead, and assign the PR milestone to the issue
• ~[ ] Update the public documentation in case of new configuration flag or behavior~

Jira ticket: APPSEC-54838

[pr-commenter[bot]]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-session-fingerprint
git_commit_date	1726677448	1726688377
git_commit_sha	da9ecfbbcd	fff9d3586c
release_version	1.40.0-SNAPSHOT~da9ecfbbcd	1.40.0-SNAPSHOT~fff9d3586c

See matching parameters

| |Baseline |Candidate | |---------------------|----------------------------------------------|----------------------------------------------| |application |insecure-bank |insecure-bank | |ci_job_date |1726690784 |1726690784 | |ci_job_id |644127293 |644127293 | |ci_pipeline_id|44630248 |44630248 | |cpu_model |Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz| |module |Agent |Agent | |parent |None |None | |variant |iast |iast |

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 49 metrics, 13 unstable metrics.

scenario	Δ mean execution_time	candidate mean execution_time	baseline mean execution_time
scenario:startup:petclinic:profiling:AppSec	worse [+1.280ms; +2.777ms] or [+2.414%; +5.235%]	55.082ms	53.053ms

Startup time reports for petclinic

```mermaid gantt title petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section tracing Agent [baseline] (1.075 s) : 0, 1075001 Total [baseline] (10.448 s) : 0, 10447636 Agent [candidate] (1.064 s) : 0, 1064112 Total [candidate] (10.412 s) : 0, 10412471 section appsec Agent [baseline] (1.197 s) : 0, 1197492 Total [baseline] (10.617 s) : 0, 10617124 Agent [candidate] (1.206 s) : 0, 1206479 Total [candidate] (10.61 s) : 0, 10610115 section iast Agent [baseline] (1.189 s) : 0, 1188859 Total [baseline] (10.808 s) : 0, 10807826 Agent [candidate] (1.189 s) : 0, 1188768 Total [candidate] (10.854 s) : 0, 10854171 section profiling Agent [baseline] (1.261 s) : 0, 1260750 Total [baseline] (10.604 s) : 0, 10603775 Agent [candidate] (1.268 s) : 0, 1268251 Total [candidate] (10.632 s) : 0, 10632069 ``` * **baseline** results |Module|Variant|Duration|Δ tracing| |---|---|---|---| |Agent|tracing|1.075 s |-| |Agent|appsec|1.197 s |122.49 ms (11.4%)| |Agent|iast|1.189 s |113.857 ms (10.6%)| |Agent|profiling|1.261 s |185.748 ms (17.3%)| |Total|tracing|10.448 s |-| |Total|appsec|10.617 s |169.488 ms (1.6%)| |Total|iast|10.808 s |360.189 ms (3.4%)| |Total|profiling|10.604 s |156.138 ms (1.5%)| * **candidate** results |Module|Variant|Duration|Δ tracing| |---|---|---|---| |Agent|tracing|1.064 s |-| |Agent|appsec|1.206 s |142.368 ms (13.4%)| |Agent|iast|1.189 s |124.656 ms (11.7%)| |Agent|profiling|1.268 s |204.14 ms (19.2%)| |Total|tracing|10.412 s |-| |Total|appsec|10.61 s |197.644 ms (1.9%)| |Total|iast|10.854 s |441.701 ms (4.2%)| |Total|profiling|10.632 s |219.598 ms (2.1%)| ```mermaid gantt title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (687.934 ms) : 0, 687934 BytebuddyAgent [candidate] (678.836 ms) : 0, 678836 GlobalTracer [baseline] (312.372 ms) : 0, 312372 GlobalTracer [candidate] (309.853 ms) : 0, 309853 AppSec [baseline] (52.731 ms) : 0, 52731 AppSec [candidate] (53.523 ms) : 0, 53523 Remote Config [baseline] (677.376 µs) : 0, 677 Remote Config [candidate] (661.44 µs) : 0, 661 Telemetry [baseline] (7.506 ms) : 0, 7506 Telemetry [candidate] (7.578 ms) : 0, 7578 section appsec BytebuddyAgent [baseline] (699.98 ms) : 0, 699980 BytebuddyAgent [candidate] (705.37 ms) : 0, 705370 GlobalTracer [baseline] (302.776 ms) : 0, 302776 GlobalTracer [candidate] (304.685 ms) : 0, 304685 AppSec [baseline] (162.362 ms) : 0, 162362 AppSec [candidate] (162.654 ms) : 0, 162654 IAST [baseline] (20.382 ms) : 0, 20382 IAST [candidate] (19.943 ms) : 0, 19943 Remote Config [baseline] (624.034 µs) : 0, 624 Remote Config [candidate] (641.187 µs) : 0, 641 Telemetry [baseline] (7.993 ms) : 0, 7993 Telemetry [candidate] (9.47 ms) : 0, 9470 section iast BytebuddyAgent [baseline] (791.303 ms) : 0, 791303 BytebuddyAgent [candidate] (790.267 ms) : 0, 790267 GlobalTracer [baseline] (298.248 ms) : 0, 298248 GlobalTracer [candidate] (298.591 ms) : 0, 298591 AppSec [baseline] (54.94 ms) : 0, 54940 AppSec [candidate] (54.737 ms) : 0, 54737 IAST [baseline] (22.832 ms) : 0, 22832 IAST [candidate] (23.622 ms) : 0, 23622 Remote Config [baseline] (615.92 µs) : 0, 616 Remote Config [candidate] (602.388 µs) : 0, 602 Telemetry [baseline] (7.33 ms) : 0, 7330 Telemetry [candidate] (7.327 ms) : 0, 7327 section profiling BytebuddyAgent [baseline] (671.725 ms) : 0, 671725 BytebuddyAgent [candidate] (673.692 ms) : 0, 673692 GlobalTracer [baseline] (393.51 ms) : 0, 393510 GlobalTracer [candidate] (395.627 ms) : 0, 395627 AppSec [baseline] (53.053 ms) : 0, 53053 AppSec [candidate] (55.082 ms) : 0, 55082 Remote Config [baseline] (661.816 µs) : 0, 662 Remote Config [candidate] (661.513 µs) : 0, 662 Telemetry [baseline] (7.354 ms) : 0, 7354 Telemetry [candidate] (7.479 ms) : 0, 7479 ProfilingAgent [baseline] (96.473 ms) : 0, 96473 ProfilingAgent [candidate] (97.592 ms) : 0, 97592 Profiling [baseline] (96.497 ms) : 0, 96497 Profiling [candidate] (97.616 ms) : 0, 97616 ```

Startup time reports for insecure-bank

```mermaid gantt title insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section tracing Agent [baseline] (1.071 s) : 0, 1071279 Total [baseline] (8.595 s) : 0, 8594838 Agent [candidate] (1.072 s) : 0, 1072490 Total [candidate] (8.54 s) : 0, 8540080 section iast Agent [baseline] (1.189 s) : 0, 1189115 Total [baseline] (9.044 s) : 0, 9043900 Agent [candidate] (1.19 s) : 0, 1190178 Total [candidate] (8.993 s) : 0, 8993080 section iast_HARDCODED_SECRET_DISABLED Agent [baseline] (1.196 s) : 0, 1195904 Total [baseline] (9.012 s) : 0, 9012210 Agent [candidate] (1.196 s) : 0, 1195999 Total [candidate] (8.984 s) : 0, 8983768 section iast_TELEMETRY_OFF Agent [baseline] (1.196 s) : 0, 1196058 Total [baseline] (9.011 s) : 0, 9011275 Agent [candidate] (1.195 s) : 0, 1195330 Total [candidate] (9.006 s) : 0, 9005998 ``` * **baseline** results |Module|Variant|Duration|Δ tracing| |---|---|---|---| |Agent|tracing|1.071 s |-| |Agent|iast|1.189 s |117.836 ms (11.0%)| |Agent|iast_HARDCODED_SECRET_DISABLED|1.196 s |124.625 ms (11.6%)| |Agent|iast_TELEMETRY_OFF|1.196 s |124.779 ms (11.6%)| |Total|tracing|8.595 s |-| |Total|iast|9.044 s |449.063 ms (5.2%)| |Total|iast_HARDCODED_SECRET_DISABLED|9.012 s |417.373 ms (4.9%)| |Total|iast_TELEMETRY_OFF|9.011 s |416.437 ms (4.8%)| * **candidate** results |Module|Variant|Duration|Δ tracing| |---|---|---|---| |Agent|tracing|1.072 s |-| |Agent|iast|1.19 s |117.688 ms (11.0%)| |Agent|iast_HARDCODED_SECRET_DISABLED|1.196 s |123.509 ms (11.5%)| |Agent|iast_TELEMETRY_OFF|1.195 s |122.84 ms (11.5%)| |Total|tracing|8.54 s |-| |Total|iast|8.993 s |453.0 ms (5.3%)| |Total|iast_HARDCODED_SECRET_DISABLED|8.984 s |443.688 ms (5.2%)| |Total|iast_TELEMETRY_OFF|9.006 s |465.917 ms (5.5%)| ```mermaid gantt title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (683.729 ms) : 0, 683729 BytebuddyAgent [candidate] (684.631 ms) : 0, 684631 GlobalTracer [baseline] (312.43 ms) : 0, 312430 GlobalTracer [candidate] (311.945 ms) : 0, 311945 AppSec [baseline] (53.198 ms) : 0, 53198 AppSec [candidate] (53.975 ms) : 0, 53975 Remote Config [baseline] (676.382 µs) : 0, 676 Remote Config [candidate] (655.486 µs) : 0, 655 Telemetry [baseline] (7.523 ms) : 0, 7523 Telemetry [candidate] (7.558 ms) : 0, 7558 section iast BytebuddyAgent [baseline] (791.245 ms) : 0, 791245 BytebuddyAgent [candidate] (791.692 ms) : 0, 791692 GlobalTracer [baseline] (298.097 ms) : 0, 298097 GlobalTracer [candidate] (298.727 ms) : 0, 298727 AppSec [baseline] (51.015 ms) : 0, 51015 AppSec [candidate] (53.16 ms) : 0, 53160 Remote Config [baseline] (660.893 µs) : 0, 661 Remote Config [candidate] (668.987 µs) : 0, 669 Telemetry [baseline] (7.331 ms) : 0, 7331 Telemetry [candidate] (7.28 ms) : 0, 7280 IAST [baseline] (27.159 ms) : 0, 27159 IAST [candidate] (25.012 ms) : 0, 25012 section iast_HARDCODED_SECRET_DISABLED BytebuddyAgent [baseline] (797.119 ms) : 0, 797119 BytebuddyAgent [candidate] (795.837 ms) : 0, 795837 GlobalTracer [baseline] (299.918 ms) : 0, 299918 GlobalTracer [candidate] (300.712 ms) : 0, 300712 AppSec [baseline] (52.611 ms) : 0, 52611 AppSec [candidate] (55.857 ms) : 0, 55857 Remote Config [baseline] (638.026 µs) : 0, 638 Remote Config [candidate] (609.556 µs) : 0, 610 Telemetry [baseline] (7.387 ms) : 0, 7387 Telemetry [candidate] (7.363 ms) : 0, 7363 IAST [baseline] (24.504 ms) : 0, 24504 IAST [candidate] (21.91 ms) : 0, 21910 section iast_TELEMETRY_OFF BytebuddyAgent [baseline] (795.214 ms) : 0, 795214 BytebuddyAgent [candidate] (793.76 ms) : 0, 793760 GlobalTracer [baseline] (301.404 ms) : 0, 301404 GlobalTracer [candidate] (301.016 ms) : 0, 301016 AppSec [baseline] (54.447 ms) : 0, 54447 AppSec [candidate] (54.863 ms) : 0, 54863 Remote Config [baseline] (625.495 µs) : 0, 625 Remote Config [candidate] (617.813 µs) : 0, 618 Telemetry [baseline] (8.143 ms) : 0, 8143 Telemetry [candidate] (7.272 ms) : 0, 7272 IAST [baseline] (22.453 ms) : 0, 22453 IAST [candidate] (24.138 ms) : 0, 24138 ```

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2024-09-18T19:50:20	2024-09-18T19:57:11
git_branch	master	malvarez/waf-session-fingerprint
git_commit_date	1726677448	1726688377
git_commit_sha	da9ecfbbcd	fff9d3586c
release_version	1.40.0-SNAPSHOT~da9ecfbbcd	1.40.0-SNAPSHOT~fff9d3586c
start_time	2024-09-18T19:50:07	2024-09-18T19:56:58

See matching parameters

| |Baseline |Candidate | |---------------------|----------------------------------------------|----------------------------------------------| |application |insecure-bank |insecure-bank | |ci_job_date |1726689777 |1726689777 | |ci_job_id |644127294 |644127294 | |ci_pipeline_id|44630248 |44630248 | |cpu_model |Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz| |variant |iast |iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.

Request duration reports for petclinic

```mermaid gantt title petclinic - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section baseline no_agent (1.344 ms) : 1325, 1364 . : milestone, 1344, appsec (1.722 ms) : 1697, 1747 . : milestone, 1722, appsec_no_iast (1.717 ms) : 1692, 1742 . : milestone, 1717, iast (1.469 ms) : 1446, 1492 . : milestone, 1469, profiling (1.495 ms) : 1471, 1520 . : milestone, 1495, tracing (1.463 ms) : 1438, 1488 . : milestone, 1463, section candidate no_agent (1.333 ms) : 1313, 1354 . : milestone, 1333, appsec (1.724 ms) : 1699, 1748 . : milestone, 1724, appsec_no_iast (1.71 ms) : 1685, 1736 . : milestone, 1710, iast (1.455 ms) : 1433, 1478 . : milestone, 1455, profiling (1.502 ms) : 1476, 1528 . : milestone, 1502, tracing (1.447 ms) : 1422, 1471 . : milestone, 1447, ``` * **baseline** results |Variant|Request duration [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|1.344 ms [1.325 ms, 1.364 ms]|-| |appsec|1.722 ms [1.697 ms, 1.747 ms]|377.784 µs (28.1%)| |appsec_no_iast|1.717 ms [1.692 ms, 1.742 ms]|373.075 µs (27.8%)| |iast|1.469 ms [1.446 ms, 1.492 ms]|124.818 µs (9.3%)| |profiling|1.495 ms [1.471 ms, 1.52 ms]|151.367 µs (11.3%)| |tracing|1.463 ms [1.438 ms, 1.488 ms]|119.086 µs (8.9%)| * **candidate** results |Variant|Request duration [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|1.333 ms [1.313 ms, 1.354 ms]|-| |appsec|1.724 ms [1.699 ms, 1.748 ms]|390.099 µs (29.3%)| |appsec_no_iast|1.71 ms [1.685 ms, 1.736 ms]|376.909 µs (28.3%)| |iast|1.455 ms [1.433 ms, 1.478 ms]|121.791 µs (9.1%)| |profiling|1.502 ms [1.476 ms, 1.528 ms]|168.432 µs (12.6%)| |tracing|1.447 ms [1.422 ms, 1.471 ms]|113.182 µs (8.5%)|

Request duration reports for insecure-bank

```mermaid gantt title insecure-bank - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section baseline no_agent (370.091 µs) : 350, 390 . : milestone, 370, iast (481.859 µs) : 461, 503 . : milestone, 482, iast_FULL (560.006 µs) : 538, 582 . : milestone, 560, iast_GLOBAL (507.353 µs) : 486, 529 . : milestone, 507, iast_HARDCODED_SECRET_DISABLED (488.094 µs) : 467, 509 . : milestone, 488, iast_INACTIVE (446.978 µs) : 426, 468 . : milestone, 447, iast_TELEMETRY_OFF (482.642 µs) : 459, 506 . : milestone, 483, tracing (444.828 µs) : 424, 466 . : milestone, 445, section candidate no_agent (369.636 µs) : 350, 389 . : milestone, 370, iast (480.654 µs) : 459, 502 . : milestone, 481, iast_FULL (558.091 µs) : 537, 579 . : milestone, 558, iast_GLOBAL (507.163 µs) : 486, 529 . : milestone, 507, iast_HARDCODED_SECRET_DISABLED (482.145 µs) : 461, 504 . : milestone, 482, iast_INACTIVE (449.788 µs) : 428, 471 . : milestone, 450, iast_TELEMETRY_OFF (474.749 µs) : 452, 497 . : milestone, 475, tracing (443.404 µs) : 423, 464 . : milestone, 443, ``` * **baseline** results |Variant|Request duration [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|370.091 µs [350.114 µs, 390.068 µs]|-| |iast|481.859 µs [460.916 µs, 502.801 µs]|111.768 µs (30.2%)| |iast_FULL|560.006 µs [538.487 µs, 581.525 µs]|189.915 µs (51.3%)| |iast_GLOBAL|507.353 µs [485.794 µs, 528.912 µs]|137.262 µs (37.1%)| |iast_HARDCODED_SECRET_DISABLED|488.094 µs [466.729 µs, 509.46 µs]|118.003 µs (31.9%)| |iast_INACTIVE|446.978 µs [425.825 µs, 468.131 µs]|76.887 µs (20.8%)| |iast_TELEMETRY_OFF|482.642 µs [459.491 µs, 505.792 µs]|112.551 µs (30.4%)| |tracing|444.828 µs [423.849 µs, 465.807 µs]|74.737 µs (20.2%)| * **candidate** results |Variant|Request duration [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|369.636 µs [350.496 µs, 388.776 µs]|-| |iast|480.654 µs [459.498 µs, 501.811 µs]|111.019 µs (30.0%)| |iast_FULL|558.091 µs [536.756 µs, 579.425 µs]|188.455 µs (51.0%)| |iast_GLOBAL|507.163 µs [485.709 µs, 528.618 µs]|137.528 µs (37.2%)| |iast_HARDCODED_SECRET_DISABLED|482.145 µs [460.641 µs, 503.648 µs]|112.509 µs (30.4%)| |iast_INACTIVE|449.788 µs [428.291 µs, 471.286 µs]|80.153 µs (21.7%)| |iast_TELEMETRY_OFF|474.749 µs [452.132 µs, 497.366 µs]|105.113 µs (28.4%)| |tracing|443.404 µs [422.728 µs, 464.079 µs]|73.768 µs (20.0%)|

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/waf-session-fingerprint
git_commit_date	1726677448	1726688377
git_commit_sha	da9ecfbbcd	fff9d3586c
release_version	1.40.0-SNAPSHOT~da9ecfbbcd	1.40.0-SNAPSHOT~fff9d3586c

See matching parameters

| |Baseline |Candidate | |---------------------|----------------------------------------------|----------------------------------------------| |application |biojava |biojava | |ci_job_date |1726690293 |1726690293 | |ci_job_id |644127295 |644127295 | |ci_pipeline_id|44630248 |44630248 | |cpu_model |Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz|Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz| |variant |appsec |appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

```mermaid gantt title tomcat - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section baseline no_agent (1.461 ms) : 1449, 1472 . : milestone, 1461, appsec (2.276 ms) : 2236, 2316 . : milestone, 2276, iast (2.045 ms) : 1995, 2095 . : milestone, 2045, iast_GLOBAL (2.085 ms) : 2035, 2135 . : milestone, 2085, profiling (2.366 ms) : 2127, 2604 . : milestone, 2366, tracing (1.903 ms) : 1865, 1941 . : milestone, 1903, section candidate no_agent (1.466 ms) : 1454, 1477 . : milestone, 1466, appsec (2.317 ms) : 2276, 2358 . : milestone, 2317, iast (2.046 ms) : 1996, 2096 . : milestone, 2046, iast_GLOBAL (2.084 ms) : 2033, 2135 . : milestone, 2084, profiling (1.93 ms) : 1889, 1970 . : milestone, 1930, tracing (1.895 ms) : 1856, 1934 . : milestone, 1895, ``` * **baseline** results |Variant|Execution Time [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|1.461 ms [1.449 ms, 1.472 ms]|-| |appsec|2.276 ms [2.236 ms, 2.316 ms]|815.28 µs (55.8%)| |iast|2.045 ms [1.995 ms, 2.095 ms]|583.815 µs (40.0%)| |iast_GLOBAL|2.085 ms [2.035 ms, 2.135 ms]|624.122 µs (42.7%)| |profiling|2.366 ms [2.127 ms, 2.604 ms]|904.751 µs (61.9%)| |tracing|1.903 ms [1.865 ms, 1.941 ms]|442.107 µs (30.3%)| * **candidate** results |Variant|Execution Time [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|1.466 ms [1.454 ms, 1.477 ms]|-| |appsec|2.317 ms [2.276 ms, 2.358 ms]|851.601 µs (58.1%)| |iast|2.046 ms [1.996 ms, 2.096 ms]|580.124 µs (39.6%)| |iast_GLOBAL|2.084 ms [2.033 ms, 2.135 ms]|618.241 µs (42.2%)| |profiling|1.93 ms [1.889 ms, 1.97 ms]|463.929 µs (31.7%)| |tracing|1.895 ms [1.856 ms, 1.934 ms]|429.101 µs (29.3%)|

Execution time for biojava

```mermaid gantt title biojava - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd dateFormat X axisFormat %s section baseline no_agent (15.228 s) : 15228000, 15228000 . : milestone, 15228000, appsec (15.216 s) : 15216000, 15216000 . : milestone, 15216000, iast (18.813 s) : 18813000, 18813000 . : milestone, 18813000, iast_GLOBAL (17.976 s) : 17976000, 17976000 . : milestone, 17976000, profiling (15.78 s) : 15780000, 15780000 . : milestone, 15780000, tracing (15.391 s) : 15391000, 15391000 . : milestone, 15391000, section candidate no_agent (15.536 s) : 15536000, 15536000 . : milestone, 15536000, appsec (15.484 s) : 15484000, 15484000 . : milestone, 15484000, iast (18.634 s) : 18634000, 18634000 . : milestone, 18634000, iast_GLOBAL (17.947 s) : 17947000, 17947000 . : milestone, 17947000, profiling (14.929 s) : 14929000, 14929000 . : milestone, 14929000, tracing (15.143 s) : 15143000, 15143000 . : milestone, 15143000, ``` * **baseline** results |Variant|Execution Time [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|15.228 s [15.228 s, 15.228 s]|-| |appsec|15.216 s [15.216 s, 15.216 s]|-12.0 ms (-0.1%)| |iast|18.813 s [18.813 s, 18.813 s]|3.585 s (23.5%)| |iast_GLOBAL|17.976 s [17.976 s, 17.976 s]|2.748 s (18.0%)| |profiling|15.78 s [15.78 s, 15.78 s]|552.0 ms (3.6%)| |tracing|15.391 s [15.391 s, 15.391 s]|163.0 ms (1.1%)| * **candidate** results |Variant|Execution Time [CI 0.99]|Δ no_agent| |---|---|---| |no_agent|15.536 s [15.536 s, 15.536 s]|-| |appsec|15.484 s [15.484 s, 15.484 s]|-52.0 ms (-0.3%)| |iast|18.634 s [18.634 s, 18.634 s]|3.098 s (19.9%)| |iast_GLOBAL|17.947 s [17.947 s, 17.947 s]|2.411 s (15.5%)| |profiling|14.929 s [14.929 s, 14.929 s]|-607.0 ms (-3.9%)| |tracing|15.143 s [15.143 s, 15.143 s]|-393.0 ms (-2.5%)|