Skip to content

Fix issue with call sites on constructors without DUP bytecode #9698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 14, 2025
Merged

Fix issue with call sites on constructors without DUP bytecode #9698

merged 1 commit into from
Oct 14, 2025

Conversation

@manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Oct 8, 2025
edited by atlassian bot
Loading

What Does This Do

Ignores constructor call sites when there is no corresponding DUP instruction following a NEW. This can occur when the created instance is immediately discarded and never used in the code.

Motivation

We've received an escalation related to a verification error:

Attempt to pop empty stack.
Current Frame:
bci: @24
flags: { }
locals: { 'java/lang/String', 'java/lang/String' }
stack: { uninitialized 10, '[Ljava/lang/Object;' }

The issue is caused by stack manipulation operations performed by IAST when applying call site advices. In the case of constructors, the instrumentation expects a DUP instruction to follow the NEW operation. However, in this particular instance, the bytecode sequence was:

new java/net/URI
aload 1
invokespecial java/net/URI.<init>(Ljava/lang/String;)V

Since the created instance is immediately discarded by the Java code, we can safely ignore these call sites.

Additional Notes

As a future improvement, we could revisit this logic and explore applying call site advices to this case as well.

Contributor Checklist

Jira ticket: APMS-17315

@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner October 8, 2025 12:26
@manuel-alvarez-alvarez manuel-alvarez-alvarez added the type: bug Bug report and fix label Oct 8, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm iast Application Security Management (IAST) label Oct 8, 2025
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Oct 8, 2025
edited
Loading

🎯 Code Coverage
Patch Coverage: 0.00%
Total Coverage: 59.86% (-0.07%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 34d74cf | Docs | Was this helpful? Give us feedback!

@pr-commenter
Copy link

pr-commenter bot commented Oct 8, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-iast-url-callsite
git_commit_date 1760389963 1760431385
git_commit_sha 85d8580 34d74cf
release_version 1.55.0-SNAPSHOT~85d85805f6 1.55.0-SNAPSHOT~34d74cfcd4
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1760433983 1760433983
ci_job_id 1177430603 1177430603
ci_pipeline_id 79204562 79204562
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-iacxxwh4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-iacxxwh4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 5 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.013 s) : 0, 1013234
Total [baseline] (8.671 s) : 0, 8670774
Agent [candidate] (1.025 s) : 0, 1024687
Total [candidate] (8.676 s) : 0, 8676006
section iast
Agent [baseline] (1.149 s) : 0, 1148805
Total [baseline] (9.251 s) : 0, 9251179
Agent [candidate] (1.151 s) : 0, 1151028
Total [candidate] (9.301 s) : 0, 9300591
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.013 s -
Agent iast 1.149 s 135.571 ms (13.4%)
Total tracing 8.671 s -
Total iast 9.251 s 580.405 ms (6.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.025 s -
Agent iast 1.151 s 126.341 ms (12.3%)
Total tracing 8.676 s -
Total iast 9.301 s 624.585 ms (7.2%) 
gantt
    title insecure-bank - break down per module: candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.465 ms) : 0, 1465
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (691.01 ms) : 0, 691010
BytebuddyAgent [candidate] (698.437 ms) : 0, 698437
GlobalTracer [baseline] (241.444 ms) : 0, 241444
GlobalTracer [candidate] (243.696 ms) : 0, 243696
AppSec [baseline] (32.321 ms) : 0, 32321
AppSec [candidate] (32.581 ms) : 0, 32581
Debugger [baseline] (6.401 ms) : 0, 6401
Debugger [candidate] (6.536 ms) : 0, 6536
Remote Config [baseline] (702.874 µs) : 0, 703
Remote Config [candidate] (703.033 µs) : 0, 703
Telemetry [baseline] (9.287 ms) : 0, 9287
Telemetry [candidate] (9.38 ms) : 0, 9380
Flare Poller [baseline] (9.522 ms) : 0, 9522
Flare Poller [candidate] (10.613 ms) : 0, 10613
section iast
crashtracking [baseline] (1.481 ms) : 0, 1481
crashtracking [candidate] (1.48 ms) : 0, 1480
BytebuddyAgent [baseline] (814.552 ms) : 0, 814552
BytebuddyAgent [candidate] (815.389 ms) : 0, 815389
GlobalTracer [baseline] (230.498 ms) : 0, 230498
GlobalTracer [candidate] (231.027 ms) : 0, 231027
AppSec [baseline] (35.024 ms) : 0, 35024
AppSec [candidate] (35.335 ms) : 0, 35335
Debugger [baseline] (6.114 ms) : 0, 6114
Debugger [candidate] (6.173 ms) : 0, 6173
Remote Config [baseline] (609.912 µs) : 0, 610
Remote Config [candidate] (612.1 µs) : 0, 612
Telemetry [baseline] (8.56 ms) : 0, 8560
Telemetry [candidate] (8.724 ms) : 0, 8724
Flare Poller [baseline] (4.215 ms) : 0, 4215
Flare Poller [candidate] (4.208 ms) : 0, 4208
IAST [baseline] (26.26 ms) : 0, 26260
IAST [candidate] (26.515 ms) : 0, 26515
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.025 s) : 0, 1025011
Total [baseline] (10.758 s) : 0, 10758355
Agent [candidate] (1.016 s) : 0, 1015627
Total [candidate] (10.672 s) : 0, 10671766
section appsec
Agent [baseline] (1.194 s) : 0, 1193887
Total [baseline] (11.029 s) : 0, 11029209
Agent [candidate] (1.2 s) : 0, 1199751
Total [candidate] (11.047 s) : 0, 11046905
section iast
Agent [baseline] (1.161 s) : 0, 1161374
Total [baseline] (11.086 s) : 0, 11085676
Agent [candidate] (1.151 s) : 0, 1150612
Total [candidate] (10.999 s) : 0, 10998994
section profiling
Agent [baseline] (1.163 s) : 0, 1163205
Total [baseline] (11.054 s) : 0, 11054300
Agent [candidate] (1.162 s) : 0, 1161685
Total [candidate] (11.071 s) : 0, 11071062
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.025 s -
Agent appsec 1.194 s 168.876 ms (16.5%)
Agent iast 1.161 s 136.363 ms (13.3%)
Agent profiling 1.163 s 138.194 ms (13.5%)
Total tracing 10.758 s -
Total appsec 11.029 s 270.854 ms (2.5%)
Total iast 11.086 s 327.321 ms (3.0%)
Total profiling 11.054 s 295.944 ms (2.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.016 s -
Agent appsec 1.2 s 184.125 ms (18.1%)
Agent iast 1.151 s 134.986 ms (13.3%)
Agent profiling 1.162 s 146.059 ms (14.4%)
Total tracing 10.672 s -
Total appsec 11.047 s 375.14 ms (3.5%)
Total iast 10.999 s 327.228 ms (3.1%)
Total profiling 11.071 s 399.297 ms (3.7%) 
gantt
    title petclinic - break down per module: candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.473 ms) : 0, 1473
crashtracking [candidate] (1.458 ms) : 0, 1458
BytebuddyAgent [baseline] (698.513 ms) : 0, 698513
BytebuddyAgent [candidate] (692.443 ms) : 0, 692443
GlobalTracer [baseline] (243.352 ms) : 0, 243352
GlobalTracer [candidate] (241.635 ms) : 0, 241635
AppSec [baseline] (32.647 ms) : 0, 32647
AppSec [candidate] (32.247 ms) : 0, 32247
Debugger [baseline] (6.51 ms) : 0, 6510
Debugger [candidate] (6.479 ms) : 0, 6479
Remote Config [baseline] (712.345 µs) : 0, 712
Remote Config [candidate] (706.876 µs) : 0, 707
Telemetry [baseline] (9.394 ms) : 0, 9394
Telemetry [candidate] (9.216 ms) : 0, 9216
Flare Poller [baseline] (11.085 ms) : 0, 11085
Flare Poller [candidate] (10.248 ms) : 0, 10248
section appsec
crashtracking [baseline] (1.444 ms) : 0, 1444
crashtracking [candidate] (1.449 ms) : 0, 1449
BytebuddyAgent [baseline] (717.19 ms) : 0, 717190
BytebuddyAgent [candidate] (718.513 ms) : 0, 718513
GlobalTracer [baseline] (234.522 ms) : 0, 234522
GlobalTracer [candidate] (236.995 ms) : 0, 236995
AppSec [baseline] (175.72 ms) : 0, 175720
AppSec [candidate] (177.036 ms) : 0, 177036
Debugger [baseline] (6.146 ms) : 0, 6146
Debugger [candidate] (6.199 ms) : 0, 6199
Remote Config [baseline] (634.4 µs) : 0, 634
Remote Config [candidate] (637.395 µs) : 0, 637
Telemetry [baseline] (8.397 ms) : 0, 8397
Telemetry [candidate] (8.671 ms) : 0, 8671
Flare Poller [baseline] (3.986 ms) : 0, 3986
Flare Poller [candidate] (3.972 ms) : 0, 3972
IAST [baseline] (24.704 ms) : 0, 24704
IAST [candidate] (25.089 ms) : 0, 25089
section iast
crashtracking [baseline] (1.466 ms) : 0, 1466
crashtracking [candidate] (1.453 ms) : 0, 1453
BytebuddyAgent [baseline] (823.267 ms) : 0, 823267
BytebuddyAgent [candidate] (814.978 ms) : 0, 814978
GlobalTracer [baseline] (232.811 ms) : 0, 232811
GlobalTracer [candidate] (231.146 ms) : 0, 231146
AppSec [baseline] (35.596 ms) : 0, 35596
AppSec [candidate] (35.447 ms) : 0, 35447
Debugger [baseline] (6.181 ms) : 0, 6181
Debugger [candidate] (6.104 ms) : 0, 6104
Remote Config [baseline] (624.473 µs) : 0, 624
Remote Config [candidate] (603.378 µs) : 0, 603
Telemetry [baseline] (8.73 ms) : 0, 8730
Telemetry [candidate] (8.595 ms) : 0, 8595
Flare Poller [baseline] (4.222 ms) : 0, 4222
Flare Poller [candidate] (4.203 ms) : 0, 4203
IAST [baseline] (26.786 ms) : 0, 26786
IAST [candidate] (26.439 ms) : 0, 26439
section profiling
crashtracking [baseline] (1.444 ms) : 0, 1444
crashtracking [candidate] (1.434 ms) : 0, 1434
BytebuddyAgent [baseline] (721.86 ms) : 0, 721860
BytebuddyAgent [candidate] (721.523 ms) : 0, 721523
GlobalTracer [baseline] (218.098 ms) : 0, 218098
GlobalTracer [candidate] (217.307 ms) : 0, 217307
AppSec [baseline] (32.434 ms) : 0, 32434
AppSec [candidate] (32.199 ms) : 0, 32199
Debugger [baseline] (6.519 ms) : 0, 6519
Debugger [candidate] (7.29 ms) : 0, 7290
Remote Config [baseline] (832.905 µs) : 0, 833
Remote Config [candidate] (744.538 µs) : 0, 745
Telemetry [baseline] (15.91 ms) : 0, 15910
Telemetry [candidate] (15.251 ms) : 0, 15251
Flare Poller [baseline] (4.172 ms) : 0, 4172
Flare Poller [candidate] (4.143 ms) : 0, 4143
ProfilingAgent [baseline] (108.853 ms) : 0, 108853
ProfilingAgent [candidate] (107.883 ms) : 0, 107883
Profiling [baseline] (109.836 ms) : 0, 109836
Profiling [candidate] (109.674 ms) : 0, 109674
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-iast-url-callsite
git_commit_date 1760389963 1760431385
git_commit_sha 85d8580 34d74cf
release_version 1.55.0-SNAPSHOT~85d85805f6 1.55.0-SNAPSHOT~34d74cfcd4
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1760433641 1760433641
ci_job_id 1177430605 1177430605
ci_pipeline_id 79204562 79204562
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-of3uw7cn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-of3uw7cn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:iast_FULL:high_load better
[-1250.995µs; -621.117µs] or [-8.341%; -4.141%]		 unstable
[-19.480op/s; +60.730op/s] or [-6.268%; +19.541%]		 14.062ms 331.406op/s 14.998ms 310.781op/s
scenario:load:petclinic:no_agent:high_load worse
[+1.570ms; +2.219ms] or [+4.293%; +6.067%]		 unstable
[-13.228op/s; +3.731op/s] or [-10.347%; +2.918%]		 38.465ms 123.101op/s 36.570ms 127.850op/s
scenario:load:petclinic:profiling:high_load better
[-2.630ms; -1.666ms] or [-5.320%; -3.371%]		 unstable
[-2.183op/s; +10.867op/s] or [-2.277%; +11.333%]		 47.282ms 100.228op/s 49.430ms 95.886op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6
    dateFormat X
    axisFormat %s
section baseline
no_agent (36.57 ms) : 36275, 36866
.   : milestone, 36570,
appsec (48.033 ms) : 47605, 48462
.   : milestone, 48033,
code_origins (43.99 ms) : 43613, 44366
.   : milestone, 43990,
iast (44.524 ms) : 44126, 44921
.   : milestone, 44524,
profiling (49.43 ms) : 48954, 49905
.   : milestone, 49430,
tracing (41.833 ms) : 41480, 42186
.   : milestone, 41833,
section candidate
no_agent (38.465 ms) : 38158, 38771
.   : milestone, 38465,
appsec (46.631 ms) : 46221, 47041
.   : milestone, 46631,
code_origins (43.924 ms) : 43537, 44311
.   : milestone, 43924,
iast (45.363 ms) : 44985, 45740
.   : milestone, 45363,
profiling (47.282 ms) : 46863, 47700
.   : milestone, 47282,
tracing (42.578 ms) : 42215, 42942
.   : milestone, 42578,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 36.57 ms [36.275 ms, 36.866 ms] -
appsec 48.033 ms [47.605 ms, 48.462 ms] 11.463 ms (31.3%)
code_origins 43.99 ms [43.613 ms, 44.366 ms] 7.419 ms (20.3%)
iast 44.524 ms [44.126 ms, 44.921 ms] 7.953 ms (21.7%)
profiling 49.43 ms [48.954 ms, 49.905 ms] 12.859 ms (35.2%)
tracing 41.833 ms [41.48 ms, 42.186 ms] 5.263 ms (14.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.465 ms [38.158 ms, 38.771 ms] -
appsec 46.631 ms [46.221 ms, 47.041 ms] 8.167 ms (21.2%)
code_origins 43.924 ms [43.537 ms, 44.311 ms] 5.459 ms (14.2%)
iast 45.363 ms [44.985 ms, 45.74 ms] 6.898 ms (17.9%)
profiling 47.282 ms [46.863 ms, 47.7 ms] 8.817 ms (22.9%)
tracing 42.578 ms [42.215 ms, 42.942 ms] 4.114 ms (10.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.627 ms) : 4566, 4688
.   : milestone, 4627,
iast (9.983 ms) : 9812, 10155
.   : milestone, 9983,
iast_FULL (14.998 ms) : 14693, 15303
.   : milestone, 14998,
iast_GLOBAL (10.709 ms) : 10517, 10902
.   : milestone, 10709,
profiling (8.921 ms) : 8774, 9069
.   : milestone, 8921,
tracing (7.527 ms) : 7415, 7640
.   : milestone, 7527,
section candidate
no_agent (4.537 ms) : 4487, 4586
.   : milestone, 4537,
iast (9.66 ms) : 9494, 9825
.   : milestone, 9660,
iast_FULL (14.062 ms) : 13782, 14342
.   : milestone, 14062,
iast_GLOBAL (10.832 ms) : 10641, 11023
.   : milestone, 10832,
profiling (8.926 ms) : 8787, 9064
.   : milestone, 8926,
tracing (7.578 ms) : 7467, 7689
.   : milestone, 7578,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.627 ms [4.566 ms, 4.688 ms] -
iast 9.983 ms [9.812 ms, 10.155 ms] 5.356 ms (115.8%)
iast_FULL 14.998 ms [14.693 ms, 15.303 ms] 10.371 ms (224.1%)
iast_GLOBAL 10.709 ms [10.517 ms, 10.902 ms] 6.082 ms (131.5%)
profiling 8.921 ms [8.774 ms, 9.069 ms] 4.294 ms (92.8%)
tracing 7.527 ms [7.415 ms, 7.64 ms] 2.9 ms (62.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.537 ms [4.487 ms, 4.586 ms] -
iast 9.66 ms [9.494 ms, 9.825 ms] 5.123 ms (112.9%)
iast_FULL 14.062 ms [13.782 ms, 14.342 ms] 9.525 ms (210.0%)
iast_GLOBAL 10.832 ms [10.641 ms, 11.023 ms] 6.295 ms (138.8%)
profiling 8.926 ms [8.787 ms, 9.064 ms] 4.389 ms (96.7%)
tracing 7.578 ms [7.467 ms, 7.689 ms] 3.041 ms (67.0%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-iast-url-callsite
git_commit_date 1760389963 1760431385
git_commit_sha 85d8580 34d74cf
release_version 1.55.0-SNAPSHOT~85d85805f6 1.55.0-SNAPSHOT~34d74cfcd4
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1760434206 1760434206
ci_job_id 1177430607 1177430607
ci_pipeline_id 79204562 79204562
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-t8oulj2y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-t8oulj2y 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1466, 1489
.   : milestone, 1477,
appsec (3.737 ms) : 3518, 3956
.   : milestone, 3737,
iast (2.207 ms) : 2144, 2270
.   : milestone, 2207,
iast_GLOBAL (2.251 ms) : 2188, 2315
.   : milestone, 2251,
profiling (2.074 ms) : 2022, 2127
.   : milestone, 2074,
tracing (2.027 ms) : 1978, 2077
.   : milestone, 2027,
section candidate
no_agent (1.478 ms) : 1466, 1489
.   : milestone, 1478,
appsec (3.711 ms) : 3493, 3930
.   : milestone, 3711,
iast (2.211 ms) : 2148, 2275
.   : milestone, 2211,
iast_GLOBAL (2.251 ms) : 2188, 2315
.   : milestone, 2251,
profiling (2.057 ms) : 2006, 2108
.   : milestone, 2057,
tracing (2.018 ms) : 1969, 2067
.   : milestone, 2018,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.466 ms, 1.489 ms] -
appsec 3.737 ms [3.518 ms, 3.956 ms] 2.26 ms (153.0%)
iast 2.207 ms [2.144 ms, 2.27 ms] 729.409 µs (49.4%)
iast_GLOBAL 2.251 ms [2.188 ms, 2.315 ms] 774.037 µs (52.4%)
profiling 2.074 ms [2.022 ms, 2.127 ms] 596.843 µs (40.4%)
tracing 2.027 ms [1.978 ms, 2.077 ms] 549.882 µs (37.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.478 ms [1.466 ms, 1.489 ms] -
appsec 3.711 ms [3.493 ms, 3.93 ms] 2.234 ms (151.2%)
iast 2.211 ms [2.148 ms, 2.275 ms] 733.8 µs (49.7%)
iast_GLOBAL 2.251 ms [2.188 ms, 2.315 ms] 773.55 µs (52.4%)
profiling 2.057 ms [2.006 ms, 2.108 ms] 579.7 µs (39.2%)
tracing 2.018 ms [1.969 ms, 2.067 ms] 540.326 µs (36.6%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.55.0-SNAPSHOT~34d74cfcd4, baseline=1.55.0-SNAPSHOT~85d85805f6
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.857 s) : 14857000, 14857000
.   : milestone, 14857000,
appsec (15.183 s) : 15183000, 15183000
.   : milestone, 15183000,
iast (18.909 s) : 18909000, 18909000
.   : milestone, 18909000,
iast_GLOBAL (18.244 s) : 18244000, 18244000
.   : milestone, 18244000,
profiling (15.494 s) : 15494000, 15494000
.   : milestone, 15494000,
tracing (15.046 s) : 15046000, 15046000
.   : milestone, 15046000,
section candidate
no_agent (14.763 s) : 14763000, 14763000
.   : milestone, 14763000,
appsec (14.952 s) : 14952000, 14952000
.   : milestone, 14952000,
iast (18.212 s) : 18212000, 18212000
.   : milestone, 18212000,
iast_GLOBAL (18.069 s) : 18069000, 18069000
.   : milestone, 18069000,
profiling (15.195 s) : 15195000, 15195000
.   : milestone, 15195000,
tracing (14.897 s) : 14897000, 14897000
.   : milestone, 14897000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.857 s [14.857 s, 14.857 s] -
appsec 15.183 s [15.183 s, 15.183 s] 326.0 ms (2.2%)
iast 18.909 s [18.909 s, 18.909 s] 4.052 s (27.3%)
iast_GLOBAL 18.244 s [18.244 s, 18.244 s] 3.387 s (22.8%)
profiling 15.494 s [15.494 s, 15.494 s] 637.0 ms (4.3%)
tracing 15.046 s [15.046 s, 15.046 s] 189.0 ms (1.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.763 s [14.763 s, 14.763 s] -
appsec 14.952 s [14.952 s, 14.952 s] 189.0 ms (1.3%)
iast 18.212 s [18.212 s, 18.212 s] 3.449 s (23.4%)
iast_GLOBAL 18.069 s [18.069 s, 18.069 s] 3.306 s (22.4%)
profiling 15.195 s [15.195 s, 15.195 s] 432.0 ms (2.9%)
tracing 14.897 s [14.897 s, 14.897 s] 134.0 ms (0.9%)

jandro996
jandro996 approved these changes Oct 10, 2025
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

ValentinZakharov
ValentinZakharov approved these changes Oct 13, 2025
View reviewed changes
Copy link
Contributor

@ValentinZakharov ValentinZakharov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/fix-iast-url-callsite branch from 8a8fdc8 to 34d74cf Compare October 14, 2025 08:53
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit c180b4f into master Oct 14, 2025
530 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/fix-iast-url-callsite branch October 14, 2025 10:34
@github-actions github-actions bot added this to the 1.55.0 milestone Oct 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ValentinZakharov ValentinZakharov ValentinZakharov approved these changes

@jandro996 jandro996 jandro996 approved these changes

@smola smola Awaiting requested review from smola smola is a code owner automatically assigned from DataDog/asm-java

@robertpi robertpi Awaiting requested review from robertpi robertpi is a code owner automatically assigned from DataDog/asm-java

Assignees

No one assigned

Labels

comp: asm iast Application Security Management (IAST) type: bug Bug report and fix

Projects

None yet

Milestone

1.55.0

Development

Successfully merging this pull request may close these issues.

3 participants

@manuel-alvarez-alvarez @ValentinZakharov @jandro996