Extract Vert.x json body response schemas #9001

Merged
merged 1 commit into from
Jun 25, 2025

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Jun 17, 2025

What Does This Do

Adds response body extraction for Vert.x JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF). Support is for Vert.x >= 4.x (leverages the new JSON response API introduced in v4.x).

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57920

@manuel-alvarez-alvarez manuel-alvarez-alvarez added comp: asm waf Application Security Management (WAF) inst: vertx Eclipse Vert.x instrumentation type: enhancement Enhancements and improvements labels Jun 17, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review June 17, 2025 17:28
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested review from a team as code owners June 17, 2025 17:28
pr-commenter bot commented Jun 17, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/vertx-response-extraction |
| git_commit_date | 1750835724 | 1750835738 |
| git_commit_sha | c065926 | bd96ea3 |
| release_version | 1.51.0-SNAPSHOT~c0659266e2 | 1.51.0-SNAPSHOT~bd96ea3c17 |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1750837559 | 1750837559 |
| ci_job_id | 997274119 | 997274119 |
| ci_pipeline_id | 68693975 | 68693975 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-bziamzy-project-304-concurrent-0-89rzjbj2 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-bziamzy-project-304-concurrent-0-89rzjbj2 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 41 metrics, 12 unstable metrics.

Startup time reports for insecure-bank

insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 994.126 ms | - |
| Agent | iast | 1.144 s | 149.946 ms (15.1%) |
| Total | tracing | 8.536 s | - |
| Total | iast | 9.349 s | 813.191 ms (9.5%) |

Candidate results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 994.702 ms | - |
| Agent | iast | 1.147 s | 152.063 ms (15.3%) |
| Total | tracing | 8.515 s | - |
| Total | iast | 9.254 s | 738.816 ms (8.7%) |


insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 686.143 ms | 686.132 ms |
| tracing | GlobalTracer | 242.212 ms | 242.095 ms |
| tracing | AppSec | 30.05 ms | 30.037 ms |
| tracing | Debugger | 6.056 ms | 6.097 ms |
| tracing | Remote Config | 650.152 µs | 660.364 µs |
| tracing | Telemetry | 8.214 ms | 8.812 ms |
| iast | BytebuddyAgent | 818.16 ms | 819.609 ms |
| iast | GlobalTracer | 234.466 ms | 235.459 ms |
| iast | AppSec | 27.207 ms | 26.261 ms |
| iast | Debugger | 5.929 ms | 5.915 ms |
| iast | Remote Config | 593.224 µs | 598.121 µs |
| iast | Telemetry | 8.083 ms | 8.945 ms |
| iast | IAST | 28.626 ms | 28.914 ms |

Startup time reports for petclinic

petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 994.002 ms | - |
| Agent | appsec | 1.17 s | 175.661 ms (17.7%) |
| Agent | iast | 1.127 s | 133.299 ms (13.4%) |
| Agent | profiling | 1.239 s | 245.312 ms (24.7%) |
| Total | tracing | 10.641 s | - |
| Total | appsec | 10.685 s | 43.902 ms (0.4%) |
| Total | iast | 10.854 s | 212.48 ms (2.0%) |
| Total | profiling | 11.055 s | 413.769 ms (3.9%) |

Candidate results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 992.05 ms | - |
| Agent | appsec | 1.183 s | 190.575 ms (19.2%) |
| Agent | iast | 1.137 s | 144.476 ms (14.6%) |
| Agent | profiling | 1.244 s | 251.565 ms (25.4%) |
| Total | tracing | 10.646 s | - |
| Total | appsec | 10.779 s | 132.901 ms (1.2%) |
| Total | iast | 10.866 s | 219.265 ms (2.1%) |
| Total | profiling | 11.102 s | 455.878 ms (4.3%) |


petclinic - break down per module: candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 685.804 ms | 684.815 ms |
| tracing | GlobalTracer | 242.708 ms | 241.655 ms |
| tracing | AppSec | 29.767 ms | 29.861 ms |
| tracing | Debugger | 6.026 ms | 6.059 ms |
| tracing | Remote Config | 642.662 µs | 654.877 µs |
| tracing | Telemetry | 8.126 ms | 8.088 ms |
| appsec | BytebuddyAgent | 707.829 ms | 717.155 ms |
| appsec | GlobalTracer | 234.956 ms | 237.696 ms |
| appsec | AppSec | 169.545 ms | 169.839 ms |
| appsec | Debugger | 5.883 ms | 5.926 ms |
| appsec | Remote Config | 598.721 µs | 616.317 µs |
| appsec | Telemetry | 8.127 ms | 8.311 ms |
| appsec | IAST | 21.932 ms | 22.132 ms |
| iast | BytebuddyAgent | 805.121 ms | 811.84 ms |
| iast | GlobalTracer | 232.15 ms | 234.147 ms |
| iast | AppSec | 27.441 ms | 26.676 ms |
| iast | Debugger | 5.797 ms | 5.825 ms |
| iast | Remote Config | 578.318 µs | 601.587 µs |
| iast | Telemetry | 7.796 ms | 7.869 ms |
| iast | IAST | 27.648 ms | 28.647 ms |
| profiling | BytebuddyAgent | 675.602 ms | 677.627 ms |
| profiling | GlobalTracer | 360.772 ms | 360.967 ms |
| profiling | AppSec | 30.876 ms | 31.234 ms |
| profiling | Debugger | 11.77 ms | 11.202 ms |
| profiling | Remote Config | 708.507 µs | 657.076 µs |
| profiling | Telemetry | 8.658 ms | 9.59 ms |
| profiling | ProfilingAgent | 102.309 ms | 103.641 ms |
| profiling | Profiling | 102.335 ms | 103.666 ms |

Load

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/vertx-response-extraction |
| git_commit_date | 1750835724 | 1750835738 |
| git_commit_sha | c065926 | bd96ea3 |
| release_version | 1.51.0-SNAPSHOT~c0659266e2 | 1.51.0-SNAPSHOT~bd96ea3c17 |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1750837237 | 1750837237 |
| ci_job_id | 997274120 | 997274120 |
| ci_pipeline_id | 68693975 | 68693975 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-vaym2f8s-project-304-concurrent-0-t95sgjje 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-vaym2f8s-project-304-concurrent-0-t95sgjje 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 0 performance improvements and 2 performance regressions! Performance is the same for 10 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:no_agent:high_load | worse: [+101.228µs; +220.553µs] or [+2.297%; +5.006%] | unstable: [-140.910op/s; +69.660op/s] or [-13.531%; +6.689%] | 4.567ms | 1005.750op/s | 4.406ms | 1041.375op/s |
| scenario:load:petclinic:profiling:high_load | worse: [+2.182ms; +3.183ms] or [+4.555%; +6.643%] | unstable: [-11.939op/s; +1.664op/s] or [-12.225%; +1.704%] | 50.590ms | 92.525op/s | 47.908ms | 97.662op/s |

Request duration reports for insecure-bank

insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.406 ms [4.347 ms, 4.465 ms] | - |
| iast | 8.979 ms [8.836 ms, 9.123 ms] | 4.573 ms (103.8%) |
| iast_FULL | 13.91 ms [13.638 ms, 14.181 ms] | 9.504 ms (215.7%) |
| iast_GLOBAL | 9.8 ms [9.614 ms, 9.987 ms] | 5.394 ms (122.4%) |
| profiling | 8.313 ms [8.173 ms, 8.454 ms] | 3.907 ms (88.7%) |
| tracing | 7.783 ms [7.67 ms, 7.896 ms] | 3.377 ms (76.6%) |

Candidate results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.567 ms [4.515 ms, 4.619 ms] | - |
| iast | 9.06 ms [8.91 ms, 9.21 ms] | 4.493 ms (98.4%) |
| iast_FULL | 13.623 ms [13.355 ms, 13.89 ms] | 9.056 ms (198.3%) |
| iast_GLOBAL | 9.831 ms [9.662 ms, 10.0 ms] | 5.264 ms (115.3%) |
| profiling | 8.526 ms [8.392 ms, 8.661 ms] | 3.96 ms (86.7%) |
| tracing | 7.59 ms [7.476 ms, 7.704 ms] | 3.023 ms (66.2%) |

Request duration reports for petclinic

petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 36.579 ms [36.283 ms, 36.875 ms] | - |
| appsec | 47.264 ms [46.835 ms, 47.692 ms] | 10.685 ms (29.2%) |
| code_origins | 45.701 ms [45.314 ms, 46.088 ms] | 9.122 ms (24.9%) |
| iast | 43.208 ms [42.838 ms, 43.577 ms] | 6.628 ms (18.1%) |
| profiling | 47.908 ms [47.455 ms, 48.36 ms] | 11.329 ms (31.0%) |
| tracing | 43.866 ms [43.482 ms, 44.251 ms] | 7.287 ms (19.9%) |

Candidate results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 37.118 ms [36.82 ms, 37.416 ms] | - |
| appsec | 46.73 ms [46.309 ms, 47.151 ms] | 9.612 ms (25.9%) |
| code_origins | 45.146 ms [44.763 ms, 45.529 ms] | 8.028 ms (21.6%) |
| iast | 42.842 ms [42.466 ms, 43.219 ms] | 5.725 ms (15.4%) |
| profiling | 50.59 ms [50.114 ms, 51.067 ms] | 13.473 ms (36.3%) |
| tracing | 43.974 ms [43.611 ms, 44.337 ms] | 6.856 ms (18.5%) |

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | malvarez/vertx-response-extraction |
| git_commit_date | 1750835724 | 1750835738 |
| git_commit_sha | c065926 | bd96ea3 |
| release_version | 1.51.0-SNAPSHOT~c0659266e2 | 1.51.0-SNAPSHOT~bd96ea3c17 |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1750837747 | 1750837747 |
| ci_job_id | 997274121 | 997274121 |
| ci_pipeline_id | 68693975 | 68693975 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-6z7wq9aq-project-304-concurrent-0-a4h098bf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-6z7wq9aq-project-304-concurrent-0-a4h098bf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.883 s [14.883 s, 14.883 s] | - |
| appsec | 14.617 s [14.617 s, 14.617 s] | -266.0 ms (-1.8%) |
| iast | 18.319 s [18.319 s, 18.319 s] | 3.436 s (23.1%) |
| iast_GLOBAL | 17.867 s [17.867 s, 17.867 s] | 2.984 s (20.0%) |
| profiling | 15.205 s [15.205 s, 15.205 s] | 322.0 ms (2.2%) |
| tracing | 15.054 s [15.054 s, 15.054 s] | 171.0 ms (1.1%) |

Candidate results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.529 s [15.529 s, 15.529 s] | - |
| appsec | 14.95 s [14.95 s, 14.95 s] | -579.0 ms (-3.7%) |
| iast | 18.283 s [18.283 s, 18.283 s] | 2.754 s (17.7%) |
| iast_GLOBAL | 17.863 s [17.863 s, 17.863 s] | 2.334 s (15.0%) |
| profiling | 15.915 s [15.915 s, 15.915 s] | 386.0 ms (2.5%) |
| tracing | 14.601 s [14.601 s, 14.601 s] | -928.0 ms (-6.0%) |

Execution time for tomcat

tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~bd96ea3c17, baseline=1.51.0-SNAPSHOT~c0659266e2

Baseline results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.483 ms [1.471 ms, 1.495 ms] | - |
| appsec | 2.408 ms [2.359 ms, 2.456 ms] | 924.685 µs (62.4%) |
| iast | 2.192 ms [2.131 ms, 2.253 ms] | 709.086 µs (47.8%) |
| iast_GLOBAL | 2.234 ms [2.172 ms, 2.295 ms] | 750.686 µs (50.6%) |
| profiling | 2.039 ms [1.99 ms, 2.089 ms] | 556.266 µs (37.5%) |
| tracing | 2.002 ms [1.954 ms, 2.049 ms] | 518.647 µs (35.0%) |

Candidate results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.479 ms [1.468 ms, 1.491 ms] | - |
| appsec | 2.406 ms [2.358 ms, 2.455 ms] | 927.144 µs (62.7%) |
| iast | 2.189 ms [2.128 ms, 2.25 ms] | 709.651 µs (48.0%) |
| iast_GLOBAL | 2.239 ms [2.178 ms, 2.301 ms] | 760.029 µs (51.4%) |
| profiling | 2.029 ms [1.98 ms, 2.078 ms] | 550.047 µs (37.2%) |
| tracing | 2.021 ms [1.974 ms, 2.069 ms] | 541.891 µs (36.6%) |

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch from e6d0da9 to bf5e01e Compare June 19, 2025 08:39
@jandro996 jandro996 left a comment

Correct me if I'm wrong but I feel that we are missing this part of the RFC

DD_API_SECURITY_PARSE_RESPONSE_BODY: this is a configuration option which libraries with the ability to parse the response body must implement to allow the user to disable this feature. With a true, or equivalent value, response body parsing should be enabled. If implemented, the default value of this configuration option must be true.

There is also a system test that validates this
tests/appsec/api_security/test_schemas.py::Test_Schema_Response_Body_env_var::test_request_method

@manuel-alvarez-alvarez

> Correct me if I'm wrong but I feel that we are missing this part of the RFC
>
> DD_API_SECURITY_PARSE_RESPONSE_BODY: this is a configuration option which libraries with the ability to parse the response body must implement to allow the user to disable this feature. With a true, or equivalent value, response body parsing should be enabled. If implemented, the default value of this configuration option must be true.
>
> There is also a system test that validates this tests/appsec/api_security/test_schemas.py::Test_Schema_Response_Body_env_var::test_request_method

Yep, parsing the body is not going to be implemented in the library at the moment.

@jandro996 jandro996 left a comment

LGTM! just a bunch of questions

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch from 3fabdcd to fe0c272 Compare June 23, 2025 09:53
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch 2 times, most recently from 25ab23e to 24b6231 Compare June 23, 2025 12:00
Base automatically changed from malvarez/http-route-play to master June 24, 2025 07:55
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch 3 times, most recently from 5194553 to 3a7d412 Compare June 24, 2025 12:28
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch from 3a7d412 to ac7c355 Compare June 25, 2025 07:14
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch from ac7c355 to bd96ea3 Compare June 25, 2025 07:15
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit c5581ea into master Jun 25, 2025
485 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/vertx-response-extraction branch June 25, 2025 08:25
@github-actions github-actions bot added this to the 1.51.0 milestone Jun 25, 2025
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
| [org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/) ([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.17.0` -> `3.18.0` |
| [org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` -> `0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>

### [`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0): Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the
Central Publisher
Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog:
google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator
(org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

### [`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare
Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB
dump validation
\[[#304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0): 1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site
([#9083](DataDog/dd-trace-java#9083) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST
vulnerabilities
([#9028](DataDog/dd-trace-java#9028) -
[@jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass
([#8984](DataDog/dd-trace-java#8984) -
[@smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection
([#8885](DataDog/dd-trace-java#8885) -
[@jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0
([#9022](DataDog/dd-trace-java#9022) -
[@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas
([#9015](DataDog/dd-trace-java#9015) -
[@jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas
([#9014](DataDog/dd-trace-java#9014) -
[@jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas
([#9013](DataDog/dd-trace-java#9013) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading
([#9009](DataDog/dd-trace-java#9009) -
[@smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas
([#9001](DataDog/dd-trace-java#9001) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas
([#8995](DataDog/dd-trace-java#8995) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema
extraction
([#8980](DataDog/dd-trace-java#8980) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas
([#8938](DataDog/dd-trace-java#8938) -
[@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update
([#8937](DataDog/dd-trace-java#8937) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push
([#9023](DataDog/dd-trace-java#9023) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal
([#8807](DataDog/dd-trace-java#8807) -
[@sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24
([#9114](DataDog/dd-trace-java#9114) -
[@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation
([#9033](DataDog/dd-trace-java#9033) -
[@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building
([#8990](DataDog/dd-trace-java#8990) -
[@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic
([#8923](DataDog/dd-trace-java#8923) -
[@daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection
([#8776](DataDog/dd-trace-java#8776) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block
([#9025](DataDog/dd-trace-java#9025) -
[@natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option
([#9115](DataDog/dd-trace-java#9115) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support
([#9111](DataDog/dd-trace-java#9111) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format
([#9047](DataDog/dd-trace-java#9047) -
[@jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting
([#9034](DataDog/dd-trace-java#9034) -
[@jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval
([#8959](DataDog/dd-trace-java#8959) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation
([#8940](DataDog/dd-trace-java#8940) -
[@jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang),
[@nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not
available at bootstrap
([#9082](DataDog/dd-trace-java#9082) -
[@amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors
([#8394](DataDog/dd-trace-java#8394) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component
([#9071](DataDog/dd-trace-java#9071) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing
([#9119](DataDog/dd-trace-java#9119) -
[@jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF
([#8988](DataDog/dd-trace-java#8988) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers
([#9110](DataDog/dd-trace-java#9110) -
[@PerfectSlayer](https://github.com/PerfectSlayer)
[@amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping
([#9045](DataDog/dd-trace-java#9045) -
[@sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24)
([#8875](DataDog/dd-trace-java#8875) -
[@sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when
`TracePropagationBehaviorExtract=IGNORE`
([#9037](DataDog/dd-trace-java#9037) -
[@mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper
([#9032](DataDog/dd-trace-java#9032) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors
([#9097](DataDog/dd-trace-java#9097) -
[@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling
for Http Response headers
([#9067](DataDog/dd-trace-java#9067) -
[@mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK
([#8781](DataDog/dd-trace-java#8781) -
[@gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations
([#9019](DataDog/dd-trace-java#9019) -
[@mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas
([#9001](DataDog/dd-trace-java#9001) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x
([#8952](DataDog/dd-trace-java#8952) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default
([#9030](DataDog/dd-trace-java#9030) -
[@bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas
([#9014](DataDog/dd-trace-java#9014) -
[@jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active
([#9016](DataDog/dd-trace-java#9016) -
[@amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas
([#8995](DataDog/dd-trace-java#8995) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas
([#9013](DataDog/dd-trace-java#9013) -
[@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas
([#8938](DataDog/dd-trace-java#8938) -
[@sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---


This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e