Add propagation to URI#toURL method #8146

manuel-alvarez-alvarez · 2025-01-03T10:56:25Z

What Does This Do

Adds propagation to the URI.toURL() method.

Motivation

From JDK 20, URL constructor with a single string is deprecated and the recommended way to construct the URL is to do it via URI.toURL()

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: [PROJ-IDENT]

pr-commenter · 2025-01-03T11:33:00Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/iast-uri-to-url
git_commit_date	1736331140	1736331587
git_commit_sha	`4905729`	`a2f0ccd`
release_version	1.45.0-SNAPSHOT~490572997a	1.45.0-SNAPSHOT~a2f0ccd9b7

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1736333876	1736333876
ci_job_id	758166857	758166857
ci_pipeline_id	52419314	52419314
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.055 s) : 0, 1055058
Total [baseline] (10.484 s) : 0, 10483819
Agent [candidate] (1.059 s) : 0, 1058821
Total [candidate] (10.417 s) : 0, 10417011
section appsec
Agent [baseline] (1.201 s) : 0, 1201418
Total [baseline] (10.669 s) : 0, 10669050
Agent [candidate] (1.192 s) : 0, 1191982
Total [candidate] (10.719 s) : 0, 10718536
section iast
Agent [baseline] (1.181 s) : 0, 1181479
Total [baseline] (11.042 s) : 0, 11041614
Agent [candidate] (1.183 s) : 0, 1182760
Total [candidate] (11.056 s) : 0, 11055833
section profiling
Agent [baseline] (1.279 s) : 0, 1279398
Total [baseline] (10.723 s) : 0, 10722867
Agent [candidate] (1.274 s) : 0, 1273816
Total [candidate] (10.857 s) : 0, 10857014

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.055 s	-
Agent	appsec	1.201 s	146.36 ms (13.9%)
Agent	iast	1.181 s	126.421 ms (12.0%)
Agent	profiling	1.279 s	224.341 ms (21.3%)
Total	tracing	10.484 s	-
Total	appsec	10.669 s	185.232 ms (1.8%)
Total	iast	11.042 s	557.795 ms (5.3%)
Total	profiling	10.723 s	239.049 ms (2.3%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.059 s	-
Agent	appsec	1.192 s	133.161 ms (12.6%)
Agent	iast	1.183 s	123.939 ms (11.7%)
Agent	profiling	1.274 s	214.995 ms (20.3%)
Total	tracing	10.417 s	-
Total	appsec	10.719 s	301.525 ms (2.9%)
Total	iast	11.056 s	638.822 ms (6.1%)
Total	profiling	10.857 s	440.003 ms (4.2%)

gantt
    title petclinic - break down per module: candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.056 ms) : 0, 714056
BytebuddyAgent [candidate] (716.336 ms) : 0, 716336
GlobalTracer [baseline] (256.034 ms) : 0, 256034
GlobalTracer [candidate] (256.882 ms) : 0, 256882
AppSec [baseline] (56.197 ms) : 0, 56197
AppSec [candidate] (57.619 ms) : 0, 57619
Remote Config [baseline] (725.292 µs) : 0, 725
Remote Config [candidate] (717.449 µs) : 0, 717
Telemetry [baseline] (13.066 ms) : 0, 13066
Telemetry [candidate] (12.204 ms) : 0, 12204
section appsec
BytebuddyAgent [baseline] (739.806 ms) : 0, 739806
BytebuddyAgent [candidate] (733.394 ms) : 0, 733394
GlobalTracer [baseline] (255.916 ms) : 0, 255916
GlobalTracer [candidate] (253.815 ms) : 0, 253815
AppSec [baseline] (171.444 ms) : 0, 171444
AppSec [candidate] (171.109 ms) : 0, 171109
IAST [baseline] (19.536 ms) : 0, 19536
IAST [candidate] (19.388 ms) : 0, 19388
Remote Config [baseline] (680.973 µs) : 0, 681
Remote Config [candidate] (668.94 µs) : 0, 669
Telemetry [baseline] (8.657 ms) : 0, 8657
Telemetry [candidate] (8.249 ms) : 0, 8249
section iast
BytebuddyAgent [baseline] (831.272 ms) : 0, 831272
BytebuddyAgent [candidate] (831.432 ms) : 0, 831432
GlobalTracer [baseline] (247.024 ms) : 0, 247024
GlobalTracer [candidate] (246.961 ms) : 0, 246961
AppSec [baseline] (57.907 ms) : 0, 57907
AppSec [candidate] (58.54 ms) : 0, 58540
IAST [baseline] (20.993 ms) : 0, 20993
IAST [candidate] (21.289 ms) : 0, 21289
Remote Config [baseline] (639.245 µs) : 0, 639
Remote Config [candidate] (666.703 µs) : 0, 667
Telemetry [baseline] (8.683 ms) : 0, 8683
Telemetry [candidate] (8.785 ms) : 0, 8785
section profiling
BytebuddyAgent [baseline] (707.117 ms) : 0, 707117
BytebuddyAgent [candidate] (702.526 ms) : 0, 702526
GlobalTracer [baseline] (372.453 ms) : 0, 372453
GlobalTracer [candidate] (371.088 ms) : 0, 371088
AppSec [baseline] (53.678 ms) : 0, 53678
AppSec [candidate] (54.026 ms) : 0, 54026
Remote Config [baseline] (660.608 µs) : 0, 661
Remote Config [candidate] (656.117 µs) : 0, 656
Telemetry [baseline] (7.984 ms) : 0, 7984
Telemetry [candidate] (8.039 ms) : 0, 8039
ProfilingAgent [baseline] (95.372 ms) : 0, 95372
ProfilingAgent [candidate] (95.66 ms) : 0, 95660
Profiling [baseline] (95.396 ms) : 0, 95396
Profiling [candidate] (95.684 ms) : 0, 95684

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.054 s) : 0, 1054079
Total [baseline] (8.613 s) : 0, 8613499
Agent [candidate] (1.056 s) : 0, 1056243
Total [candidate] (8.608 s) : 0, 8607614
section iast
Agent [baseline] (1.187 s) : 0, 1187140
Total [baseline] (9.222 s) : 0, 9222357
Agent [candidate] (1.183 s) : 0, 1183378
Total [candidate] (9.274 s) : 0, 9273957
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.189 s) : 0, 1188633
Total [baseline] (9.178 s) : 0, 9177784
Agent [candidate] (1.184 s) : 0, 1184280
Total [candidate] (9.162 s) : 0, 9161689
section iast_TELEMETRY_OFF
Agent [baseline] (1.181 s) : 0, 1180750
Total [baseline] (9.174 s) : 0, 9174329
Agent [candidate] (1.177 s) : 0, 1177252
Total [candidate] (9.155 s) : 0, 9155158

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.054 s	-
Agent	iast	1.187 s	133.062 ms (12.6%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.189 s	134.555 ms (12.8%)
Agent	iast_TELEMETRY_OFF	1.181 s	126.671 ms (12.0%)
Total	tracing	8.613 s	-
Total	iast	9.222 s	608.858 ms (7.1%)
Total	iast_HARDCODED_SECRET_DISABLED	9.178 s	564.286 ms (6.6%)
Total	iast_TELEMETRY_OFF	9.174 s	560.83 ms (6.5%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.056 s	-
Agent	iast	1.183 s	127.136 ms (12.0%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.184 s	128.037 ms (12.1%)
Agent	iast_TELEMETRY_OFF	1.177 s	121.01 ms (11.5%)
Total	tracing	8.608 s	-
Total	iast	9.274 s	666.344 ms (7.7%)
Total	iast_HARDCODED_SECRET_DISABLED	9.162 s	554.075 ms (6.4%)
Total	iast_TELEMETRY_OFF	9.155 s	547.544 ms (6.4%)

gantt
    title insecure-bank - break down per module: candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (713.319 ms) : 0, 713319
BytebuddyAgent [candidate] (713.644 ms) : 0, 713644
GlobalTracer [baseline] (255.741 ms) : 0, 255741
GlobalTracer [candidate] (255.955 ms) : 0, 255955
AppSec [baseline] (56.653 ms) : 0, 56653
AppSec [candidate] (57.394 ms) : 0, 57394
Remote Config [baseline] (712.158 µs) : 0, 712
Remote Config [candidate] (714.831 µs) : 0, 715
Telemetry [baseline] (12.706 ms) : 0, 12706
Telemetry [candidate] (13.616 ms) : 0, 13616
section iast
BytebuddyAgent [baseline] (836.127 ms) : 0, 836127
BytebuddyAgent [candidate] (831.461 ms) : 0, 831461
GlobalTracer [baseline] (247.084 ms) : 0, 247084
GlobalTracer [candidate] (247.644 ms) : 0, 247644
AppSec [baseline] (58.265 ms) : 0, 58265
AppSec [candidate] (58.241 ms) : 0, 58241
Remote Config [baseline] (662.153 µs) : 0, 662
Remote Config [candidate] (667.361 µs) : 0, 667
Telemetry [baseline] (8.726 ms) : 0, 8726
Telemetry [candidate] (8.794 ms) : 0, 8794
IAST [baseline] (21.14 ms) : 0, 21140
IAST [candidate] (21.501 ms) : 0, 21501
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (836.07 ms) : 0, 836070
BytebuddyAgent [candidate] (834.259 ms) : 0, 834259
GlobalTracer [baseline] (248.207 ms) : 0, 248207
GlobalTracer [candidate] (246.874 ms) : 0, 246874
AppSec [baseline] (58.455 ms) : 0, 58455
AppSec [candidate] (57.609 ms) : 0, 57609
Remote Config [baseline] (651.043 µs) : 0, 651
Remote Config [candidate] (668.539 µs) : 0, 669
Telemetry [baseline] (8.812 ms) : 0, 8812
Telemetry [candidate] (8.755 ms) : 0, 8755
IAST [baseline] (21.348 ms) : 0, 21348
IAST [candidate] (21.055 ms) : 0, 21055
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (831.555 ms) : 0, 831555
BytebuddyAgent [candidate] (826.709 ms) : 0, 826709
GlobalTracer [baseline] (246.404 ms) : 0, 246404
GlobalTracer [candidate] (247.481 ms) : 0, 247481
AppSec [baseline] (57.778 ms) : 0, 57778
AppSec [candidate] (57.995 ms) : 0, 57995
Remote Config [baseline] (660.484 µs) : 0, 660
Remote Config [candidate] (648.323 µs) : 0, 648
Telemetry [baseline] (8.563 ms) : 0, 8563
Telemetry [candidate] (8.664 ms) : 0, 8664
IAST [baseline] (20.726 ms) : 0, 20726
IAST [candidate] (20.715 ms) : 0, 20715

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-01-08T10:30:19	2025-01-08T10:37:22
git_branch	master	malvarez/iast-uri-to-url
git_commit_date	1736331140	1736331587
git_commit_sha	`4905729`	`a2f0ccd`
release_version	1.45.0-SNAPSHOT~490572997a	1.45.0-SNAPSHOT~a2f0ccd9b7
start_time	2025-01-08T10:30:05	2025-01-08T10:37:09

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1736332997	1736332997
ci_job_id	758166858	758166858
ci_pipeline_id	52419314	52419314
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	iast	iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 16 unstable metrics.

scenario	Δ mean http_req_duration	Δ mean throughput	candidate mean http_req_duration	candidate mean throughput	baseline mean http_req_duration	baseline mean throughput
scenario:load:petclinic:profiling	better [-131.027µs; -79.511µs] or [-8.163%; -4.953%]	unstable [-353.055op/s; +792.616op/s] or [-12.357%; +27.742%]	1.500ms	3076.923op/s	1.605ms	2857.143op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.378 ms) : 1358, 1398
.   : milestone, 1378,
appsec (1.755 ms) : 1731, 1780
.   : milestone, 1755,
appsec_no_iast (1.781 ms) : 1757, 1805
.   : milestone, 1781,
iast (1.512 ms) : 1488, 1535
.   : milestone, 1512,
profiling (1.605 ms) : 1581, 1629
.   : milestone, 1605,
tracing (1.501 ms) : 1476, 1525
.   : milestone, 1501,
section candidate
no_agent (1.364 ms) : 1345, 1384
.   : milestone, 1364,
appsec (1.76 ms) : 1735, 1785
.   : milestone, 1760,
appsec_no_iast (1.758 ms) : 1733, 1783
.   : milestone, 1758,
iast (1.497 ms) : 1474, 1520
.   : milestone, 1497,
profiling (1.5 ms) : 1476, 1524
.   : milestone, 1500,
tracing (1.506 ms) : 1481, 1530
.   : milestone, 1506,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.378 ms [1.358 ms, 1.398 ms]	-
appsec	1.755 ms [1.731 ms, 1.78 ms]	377.554 µs (27.4%)
appsec_no_iast	1.781 ms [1.757 ms, 1.805 ms]	403.005 µs (29.2%)
iast	1.512 ms [1.488 ms, 1.535 ms]	133.697 µs (9.7%)
profiling	1.605 ms [1.581 ms, 1.629 ms]	227.249 µs (16.5%)
tracing	1.501 ms [1.476 ms, 1.525 ms]	122.858 µs (8.9%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.364 ms [1.345 ms, 1.384 ms]	-
appsec	1.76 ms [1.735 ms, 1.785 ms]	395.431 µs (29.0%)
appsec_no_iast	1.758 ms [1.733 ms, 1.783 ms]	393.541 µs (28.8%)
iast	1.497 ms [1.474 ms, 1.52 ms]	132.637 µs (9.7%)
profiling	1.5 ms [1.476 ms, 1.524 ms]	135.627 µs (9.9%)
tracing	1.506 ms [1.481 ms, 1.53 ms]	141.363 µs (10.4%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a
    dateFormat X
    axisFormat %s
section baseline
no_agent (380.783 µs) : 360, 402
.   : milestone, 381,
iast (500.0 µs) : 478, 522
.   : milestone, 500,
iast_FULL (658.487 µs) : 637, 680
.   : milestone, 658,
iast_GLOBAL (525.521 µs) : 504, 547
.   : milestone, 526,
iast_HARDCODED_SECRET_DISABLED (499.187 µs) : 477, 521
.   : milestone, 499,
iast_INACTIVE (460.283 µs) : 439, 482
.   : milestone, 460,
iast_TELEMETRY_OFF (485.564 µs) : 464, 507
.   : milestone, 486,
tracing (461.862 µs) : 441, 483
.   : milestone, 462,
section candidate
no_agent (380.415 µs) : 361, 400
.   : milestone, 380,
iast (504.236 µs) : 482, 526
.   : milestone, 504,
iast_FULL (665.352 µs) : 644, 687
.   : milestone, 665,
iast_GLOBAL (533.627 µs) : 511, 556
.   : milestone, 534,
iast_HARDCODED_SECRET_DISABLED (497.325 µs) : 476, 519
.   : milestone, 497,
iast_INACTIVE (470.43 µs) : 449, 492
.   : milestone, 470,
iast_TELEMETRY_OFF (483.644 µs) : 462, 505
.   : milestone, 484,
tracing (459.906 µs) : 439, 481
.   : milestone, 460,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	380.783 µs [359.953 µs, 401.613 µs]	-
iast	500.0 µs [478.04 µs, 521.96 µs]	119.217 µs (31.3%)
iast_FULL	658.487 µs [636.678 µs, 680.296 µs]	277.704 µs (72.9%)
iast_GLOBAL	525.521 µs [503.907 µs, 547.135 µs]	144.738 µs (38.0%)
iast_HARDCODED_SECRET_DISABLED	499.187 µs [477.452 µs, 520.922 µs]	118.404 µs (31.1%)
iast_INACTIVE	460.283 µs [438.826 µs, 481.74 µs]	79.5 µs (20.9%)
iast_TELEMETRY_OFF	485.564 µs [464.229 µs, 506.898 µs]	104.781 µs (27.5%)
tracing	461.862 µs [440.504 µs, 483.22 µs]	81.079 µs (21.3%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	380.415 µs [360.836 µs, 399.994 µs]	-
iast	504.236 µs [482.477 µs, 525.996 µs]	123.821 µs (32.5%)
iast_FULL	665.352 µs [643.671 µs, 687.033 µs]	284.937 µs (74.9%)
iast_GLOBAL	533.627 µs [511.118 µs, 556.136 µs]	153.212 µs (40.3%)
iast_HARDCODED_SECRET_DISABLED	497.325 µs [475.784 µs, 518.865 µs]	116.91 µs (30.7%)
iast_INACTIVE	470.43 µs [448.791 µs, 492.068 µs]	90.015 µs (23.7%)
iast_TELEMETRY_OFF	483.644 µs [462.373 µs, 504.916 µs]	103.229 µs (27.1%)
tracing	459.906 µs [438.62 µs, 481.193 µs]	79.492 µs (20.9%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	malvarez/iast-uri-to-url
git_commit_date	1736331140	1736331587
git_commit_sha	`4905729`	`a2f0ccd`
release_version	1.45.0-SNAPSHOT~490572997a	1.45.0-SNAPSHOT~a2f0ccd9b7

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1736333523	1736333523
ci_job_id	758166859	758166859
ci_pipeline_id	52419314	52419314
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.942 s) : 14942000, 14942000
.   : milestone, 14942000,
appsec (14.981 s) : 14981000, 14981000
.   : milestone, 14981000,
iast (18.861 s) : 18861000, 18861000
.   : milestone, 18861000,
iast_GLOBAL (18.17 s) : 18170000, 18170000
.   : milestone, 18170000,
profiling (15.055 s) : 15055000, 15055000
.   : milestone, 15055000,
tracing (15.195 s) : 15195000, 15195000
.   : milestone, 15195000,
section candidate
no_agent (15.223 s) : 15223000, 15223000
.   : milestone, 15223000,
appsec (15.147 s) : 15147000, 15147000
.   : milestone, 15147000,
iast (18.749 s) : 18749000, 18749000
.   : milestone, 18749000,
iast_GLOBAL (17.685 s) : 17685000, 17685000
.   : milestone, 17685000,
profiling (15.85 s) : 15850000, 15850000
.   : milestone, 15850000,
tracing (14.992 s) : 14992000, 14992000
.   : milestone, 14992000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.942 s [14.942 s, 14.942 s]	-
appsec	14.981 s [14.981 s, 14.981 s]	39.0 ms (0.3%)
iast	18.861 s [18.861 s, 18.861 s]	3.919 s (26.2%)
iast_GLOBAL	18.17 s [18.17 s, 18.17 s]	3.228 s (21.6%)
profiling	15.055 s [15.055 s, 15.055 s]	113.0 ms (0.8%)
tracing	15.195 s [15.195 s, 15.195 s]	253.0 ms (1.7%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.223 s [15.223 s, 15.223 s]	-
appsec	15.147 s [15.147 s, 15.147 s]	-76.0 ms (-0.5%)
iast	18.749 s [18.749 s, 18.749 s]	3.526 s (23.2%)
iast_GLOBAL	17.685 s [17.685 s, 17.685 s]	2.462 s (16.2%)
profiling	15.85 s [15.85 s, 15.85 s]	627.0 ms (4.1%)
tracing	14.992 s [14.992 s, 14.992 s]	-231.0 ms (-1.5%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.45.0-SNAPSHOT~a2f0ccd9b7, baseline=1.45.0-SNAPSHOT~490572997a
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1459, 1482
.   : milestone, 1471,
appsec (2.351 ms) : 2309, 2393
.   : milestone, 2351,
iast (2.103 ms) : 2050, 2157
.   : milestone, 2103,
iast_GLOBAL (2.135 ms) : 2081, 2189
.   : milestone, 2135,
profiling (1.948 ms) : 1906, 1991
.   : milestone, 1948,
tracing (1.936 ms) : 1894, 1978
.   : milestone, 1936,
section candidate
no_agent (1.474 ms) : 1462, 1485
.   : milestone, 1474,
appsec (2.36 ms) : 2317, 2402
.   : milestone, 2360,
iast (2.095 ms) : 2042, 2149
.   : milestone, 2095,
iast_GLOBAL (2.145 ms) : 2091, 2200
.   : milestone, 2145,
profiling (1.978 ms) : 1933, 2022
.   : milestone, 1978,
tracing (1.936 ms) : 1894, 1977
.   : milestone, 1936,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.471 ms [1.459 ms, 1.482 ms]	-
appsec	2.351 ms [2.309 ms, 2.393 ms]	880.086 µs (59.8%)
iast	2.103 ms [2.05 ms, 2.157 ms]	632.765 µs (43.0%)
iast_GLOBAL	2.135 ms [2.081 ms, 2.189 ms]	663.921 µs (45.1%)
profiling	1.948 ms [1.906 ms, 1.991 ms]	477.644 µs (32.5%)
tracing	1.936 ms [1.894 ms, 1.978 ms]	465.061 µs (31.6%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.474 ms [1.462 ms, 1.485 ms]	-
appsec	2.36 ms [2.317 ms, 2.402 ms]	886.183 µs (60.1%)
iast	2.095 ms [2.042 ms, 2.149 ms]	621.951 µs (42.2%)
iast_GLOBAL	2.145 ms [2.091 ms, 2.2 ms]	671.823 µs (45.6%)
profiling	1.978 ms [1.933 ms, 2.022 ms]	504.003 µs (34.2%)
tracing	1.936 ms [1.894 ms, 1.977 ms]	462.064 µs (31.4%)

Mariovido

LGTM

github-actions · 2025-01-08T12:44:38Z

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.50.0` -> `2.50.1` | | [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.49.0` -> `2.49.1` | | [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.49.0` -> `2.49.1` | | [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.59.0` -> `2.59.1` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.44.1` -> `1.45.0` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.44.1` -> `1.45.0` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.47` -> `2.29.48` | --- ### Release Notes <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.45.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.45.0): 1.45.0 ##### Breaking changes > \[!WARNING]\ > Support for custom scope manager using OpenTelemetry tracer artifact (`dd-trace-ot`) is dropped. > Tracing with OpenTracing API and custom scope manager will continue to work on 1.44.x releases. ##### Components ##### Application Security Management (IAST) - ✨ Add propagation to URI#toURL method ([#8146](DataDog/dd-trace-java#8146) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Increase IAST propagation to StringBuilder setLength ([#8119](DataDog/dd-trace-java#8119) - [@Mariovido](https://github.com/Mariovido)) - ✨ Increase IAST propagation to StringBuffer append ([#8082](DataDog/dd-trace-java#8082) - [@Mariovido](https://github.com/Mariovido)) - ✨ Handle IAST security controls custom validation and sanitization methods ([#7997](DataDog/dd-trace-java#7997) - [@jandro996](https://github.com/jandro996)) ##### Application Security Management (WAF) - ✨ Update user lifecycle tracking to V3 ([#8108](DataDog/dd-trace-java#8108) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Exploit prevention for Shell Injection / Command Injection ([#7615](DataDog/dd-trace-java#7615) - [@jandro996](https://github.com/jandro996)) ##### Build & Tooling - 💡 Support instrumentation of repackaged libraries ([#8153](DataDog/dd-trace-java#8153) - [@mcculls](https://github.com/mcculls)) - ✨ Configure native image build setting for JDK-22 based GraalVM ([#8092](DataDog/dd-trace-java#8092) - [@MattAlp](https://github.com/MattAlp)) ##### Database Monitoring - ✨ Add full APM/DBM mode for Oracle ([#8090](DataDog/dd-trace-java#8090) - [@nenadnoveljic](https://github.com/nenadnoveljic)) ##### Dynamic Instrumentation - 🐛 make local var hoisting disabled by default ([#8158](DataDog/dd-trace-java#8158) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix var hoisting issue when no previous store ([#8122](DataDog/dd-trace-java#8122) - [@jpbempel](https://github.com/jpbempel)) - ✨ Only decorate spans without code origin information ([#8105](DataDog/dd-trace-java#8105) - [@evanchooly](https://github.com/evanchooly)) - 🐛 Fix suspend Kotlin methods instrumentation ([#8080](DataDog/dd-trace-java#8080) - [@jpbempel](https://github.com/jpbempel)) - 🐛 Fix class file version detection ([#8057](DataDog/dd-trace-java#8057) - [@jpbempel](https://github.com/jpbempel)) ##### GraalVM native-image - ✨ Configure native image build setting for JDK-22 based GraalVM ([#8092](DataDog/dd-trace-java#8092) - [@MattAlp](https://github.com/MattAlp)) ##### ML Observability (LLMObs) - ✨🧪 Add LLMObs configuration ([#8076](DataDog/dd-trace-java#8076) - [@gary-huang](https://github.com/gary-huang)) ##### Metrics - Bump integrations-core submodule to 7.60.0 ([#8098](DataDog/dd-trace-java#8098) - [@mcculls](https://github.com/mcculls)) - Upgrade to java-dogstatsd-client v4.4.3 ([#8096](DataDog/dd-trace-java#8096) - [@mcculls](https://github.com/mcculls)) ##### OpenTracing - ⚠️🧹 Remove custom scope manager support ([#8164](DataDog/dd-trace-java#8164) - [@PerfectSlayer](https://github.com/PerfectSlayer)) ##### Telemetry - ✨ Retry telemetry requests if CI Visibility is enabled ([#8147](DataDog/dd-trace-java#8147) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add configurable Dependency service resolution period ([#8079](DataDog/dd-trace-java#8079) - [@jandro996](https://github.com/jandro996)) ##### Testing - 🐛 Remove restriction to not run vertx4 latest tests on java 17 ([#8133](DataDog/dd-trace-java#8133) - [@vandonr](https://github.com/vandonr)) ##### Tracer core - ✨ Defer remote components to avoid OkHttp class-loading side-effects ([#8131](DataDog/dd-trace-java#8131) - [@mcculls](https://github.com/mcculls)) - ✨ Improve Context API null handling and Javadoc ([#8129](DataDog/dd-trace-java#8129) - [@PerfectSlayer](https://github.com/PerfectSlayer)) - 🐛⚡ Avoid performing blocking I/O operation on application thread ([#8120](DataDog/dd-trace-java#8120) - [@mcculls](https://github.com/mcculls)) - 💡 Introduce a shared context component, independent of tracing ([#8117](DataDog/dd-trace-java#8117) - [@mcculls](https://github.com/mcculls)) - ✨ Improves ServiceNameCollector ([#8109](DataDog/dd-trace-java#8109) - [@amarziali](https://github.com/amarziali)) - Upgrade to ASM 9.7.1 (adds new constant for Java 24) ([#8097](DataDog/dd-trace-java#8097) - [@mcculls](https://github.com/mcculls)) - 🐛 Dynamically evaluate service name for message consumers ([#8088](DataDog/dd-trace-java#8088) - [@amarziali](https://github.com/amarziali)) ##### Serverless - 🐛 Add avoid double instrumenting lambda non-streaming handlers. ([#8073](DataDog/dd-trace-java#8073) - [@purple4reina](https://github.com/purple4reina)) ##### Instrumentations ##### AWS SDK instrumentation - 💡 Instrument EMR's relocated AWS SDK ([#8157](DataDog/dd-trace-java#8157) - [@mcculls](https://github.com/mcculls)) ##### Eclipse Vert.x instrumentation - 🐛 Remove restriction to not run vertx4 latest tests on java 17 ([#8133](DataDog/dd-trace-java#8133) - [@vandonr](https://github.com/vandonr)) ##### JDBC instrumentation - ✨ Add full APM/DBM mode for Oracle ([#8090](DataDog/dd-trace-java#8090) - [@nenadnoveljic](https://github.com/nenadnoveljic)) ##### Jetty instrumentation - 🐛 Ensure jetty 12 has servlet.path starting with / ([#8093](DataDog/dd-trace-java#8093) - [@github-actions](https://github.com/github-actions)\[bot]) ##### JMS instrumentation - 🧹 Re-use `javax` JMS module for `jakarta` namespace ([#8155](DataDog/dd-trace-java#8155) - [@mcculls](https://github.com/mcculls)) - 🧹 Group `javax.jms` instrumentations under a single module ([#8154](DataDog/dd-trace-java#8154) - [@mcculls](https://github.com/mcculls)) ##### Reactor instrumentation - 🐛 Reactor: early propagate span in context when subscribing ([#8166](DataDog/dd-trace-java#8166) - [@amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: ba2355aa4e2e39ab1fee27319cc4176238efd90b

manuel-alvarez-alvarez added type: enhancement comp: asm iast Application Security Management (IAST) labels Jan 3, 2025

manuel-alvarez-alvarez marked this pull request as ready for review January 3, 2025 10:56

manuel-alvarez-alvarez requested review from a team as code owners January 3, 2025 10:56

manuel-alvarez-alvarez requested review from smola and Mariovido January 3, 2025 10:56

manuel-alvarez-alvarez force-pushed the malvarez/iast-uri-to-url branch from c860ad3 to 46093d9 Compare January 3, 2025 10:58

Mariovido approved these changes Jan 7, 2025

View reviewed changes

manuel-alvarez-alvarez force-pushed the malvarez/iast-uri-to-url branch from 46093d9 to a2f0ccd Compare January 8, 2025 10:19

Add propagation to URI#toURL method

5bf9991

manuel-alvarez-alvarez force-pushed the malvarez/iast-uri-to-url branch from a2f0ccd to 5bf9991 Compare January 8, 2025 10:23

manuel-alvarez-alvarez added type: enhancement and removed type: enhancement labels Jan 8, 2025

manuel-alvarez-alvarez merged commit 9247ce3 into master Jan 8, 2025
149 of 150 checks passed

manuel-alvarez-alvarez deleted the malvarez/iast-uri-to-url branch January 8, 2025 12:45

github-actions bot added this to the 1.45.0 milestone Jan 8, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add propagation to URI#toURL method #8146

Add propagation to URI#toURL method #8146

manuel-alvarez-alvarez commented Jan 3, 2025

pr-commenter bot commented Jan 3, 2025 •

edited

Loading

Mariovido left a comment

github-actions bot commented Jan 8, 2025

Add propagation to URI#toURL method #8146

Add propagation to URI#toURL method #8146

Conversation

manuel-alvarez-alvarez commented Jan 3, 2025

What Does This Do

Motivation

Additional Notes

Contributor Checklist

pr-commenter bot commented Jan 3, 2025 • edited Loading

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Mariovido left a comment

Choose a reason for hiding this comment

github-actions bot commented Jan 8, 2025

pr-commenter bot commented Jan 3, 2025 •

edited

Loading