
Merged: 10 commits merged on Jun 27, 2025

Conversation

jandro996 (Member) commented Jun 20, 2025

What Does This Do

Adds response body extraction for Jersey JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF).

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57909

@jandro996 added the labels `type: enhancement` (Enhancements and improvements), `inst: jax-ws` (JAX-WS instrumentation) and `comp: asm waf` (Application Security Management (WAF)) on Jun 20, 2025
@jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 3c78ad2 to 2aeb457 on June 20, 2025 07:14
pr-commenter bot commented Jun 20, 2025

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/api-sec-jersey-response-schema |
| git_commit_date | 1751033772 | 1751033791 |
| git_commit_sha | 640fc88 | 0e8d218 |
| release_version | 1.51.0-SNAPSHOT~640fc88be4 | 1.51.0-SNAPSHOT~0e8d21806f |

Matching parameters:

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1751035631 | 1751035631 |
| ci_job_id | 1002536579 | 1002536579 |
| ci_pipeline_id | 68994488 | 68994488 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-tcrivaq7-project-304-concurrent-0-3pafubkf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-tcrivaq7-project-304-concurrent-0-3pafubkf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 8 unstable metrics.

Startup time reports for petclinic
```mermaid
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (995.097 ms) : 0, 995097
Total [baseline] (10.536 s) : 0, 10535691
Agent [candidate] (995.476 ms) : 0, 995476
Total [candidate] (10.565 s) : 0, 10564912
section appsec
Agent [baseline] (1.174 s) : 0, 1173561
Total [baseline] (10.707 s) : 0, 10707093
Agent [candidate] (1.174 s) : 0, 1173734
Total [candidate] (10.756 s) : 0, 10755575
section iast
Agent [baseline] (1.131 s) : 0, 1130578
Total [baseline] (10.803 s) : 0, 10802810
Agent [candidate] (1.145 s) : 0, 1145143
Total [candidate] (10.882 s) : 0, 10882481
section profiling
Agent [baseline] (1.253 s) : 0, 1252705
Total [baseline] (10.921 s) : 0, 10920633
Agent [candidate] (1.243 s) : 0, 1242878
Total [candidate] (10.944 s) : 0, 10944177
```
Baseline results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 995.097 ms | - |
| Agent | appsec | 1.174 s | 178.464 ms (17.9%) |
| Agent | iast | 1.131 s | 135.481 ms (13.6%) |
| Agent | profiling | 1.253 s | 257.608 ms (25.9%) |
| Total | tracing | 10.536 s | - |
| Total | appsec | 10.707 s | 171.402 ms (1.6%) |
| Total | iast | 10.803 s | 267.119 ms (2.5%) |
| Total | profiling | 10.921 s | 384.941 ms (3.7%) |

Candidate results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 995.476 ms | - |
| Agent | appsec | 1.174 s | 178.259 ms (17.9%) |
| Agent | iast | 1.145 s | 149.668 ms (15.0%) |
| Agent | profiling | 1.243 s | 247.403 ms (24.9%) |
| Total | tracing | 10.565 s | - |
| Total | appsec | 10.756 s | 190.664 ms (1.8%) |
| Total | iast | 10.882 s | 317.569 ms (3.0%) |
| Total | profiling | 10.944 s | 379.265 ms (3.6%) |
```mermaid
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (686.756 ms) : 0, 686756
BytebuddyAgent [candidate] (687.215 ms) : 0, 687215
GlobalTracer [baseline] (242.319 ms) : 0, 242319
GlobalTracer [candidate] (242.445 ms) : 0, 242445
AppSec [baseline] (30.297 ms) : 0, 30297
AppSec [candidate] (30.173 ms) : 0, 30173
Debugger [baseline] (6.063 ms) : 0, 6063
Debugger [candidate] (6.0 ms) : 0, 6000
Remote Config [baseline] (670.375 µs) : 0, 670
Remote Config [candidate] (676.51 µs) : 0, 677
Telemetry [baseline] (8.227 ms) : 0, 8227
Telemetry [candidate] (8.197 ms) : 0, 8197
section appsec
BytebuddyAgent [baseline] (710.17 ms) : 0, 710170
BytebuddyAgent [candidate] (709.853 ms) : 0, 709853
GlobalTracer [baseline] (235.21 ms) : 0, 235210
GlobalTracer [candidate] (235.364 ms) : 0, 235364
IAST [baseline] (21.953 ms) : 0, 21953
IAST [candidate] (21.91 ms) : 0, 21910
AppSec [baseline] (170.931 ms) : 0, 170931
AppSec [candidate] (171.199 ms) : 0, 171199
Debugger [baseline] (5.792 ms) : 0, 5792
Debugger [candidate] (5.816 ms) : 0, 5816
Remote Config [baseline] (626.301 µs) : 0, 626
Remote Config [candidate] (608.401 µs) : 0, 608
Telemetry [baseline] (8.112 ms) : 0, 8112
Telemetry [candidate] (8.178 ms) : 0, 8178
section iast
BytebuddyAgent [baseline] (808.221 ms) : 0, 808221
BytebuddyAgent [candidate] (818.794 ms) : 0, 818794
GlobalTracer [baseline] (232.416 ms) : 0, 232416
GlobalTracer [candidate] (234.516 ms) : 0, 234516
IAST [baseline] (27.581 ms) : 0, 27581
IAST [candidate] (28.209 ms) : 0, 28209
AppSec [baseline] (27.451 ms) : 0, 27451
AppSec [candidate] (28.176 ms) : 0, 28176
Debugger [baseline] (5.789 ms) : 0, 5789
Debugger [candidate] (5.895 ms) : 0, 5895
Remote Config [baseline] (574.128 µs) : 0, 574
Remote Config [candidate] (586.982 µs) : 0, 587
Telemetry [baseline] (7.904 ms) : 0, 7904
Telemetry [candidate] (8.038 ms) : 0, 8038
section profiling
BytebuddyAgent [baseline] (683.217 ms) : 0, 683217
BytebuddyAgent [candidate] (678.146 ms) : 0, 678146
GlobalTracer [baseline] (362.818 ms) : 0, 362818
GlobalTracer [candidate] (360.624 ms) : 0, 360624
AppSec [baseline] (34.017 ms) : 0, 34017
AppSec [candidate] (32.961 ms) : 0, 32961
Debugger [baseline] (6.951 ms) : 0, 6951
Debugger [candidate] (11.18 ms) : 0, 11180
Remote Config [baseline] (676.497 µs) : 0, 676
Remote Config [candidate] (661.248 µs) : 0, 661
Telemetry [baseline] (10.998 ms) : 0, 10998
Telemetry [candidate] (8.005 ms) : 0, 8005
ProfilingAgent [baseline] (104.417 ms) : 0, 104417
ProfilingAgent [candidate] (102.691 ms) : 0, 102691
Profiling [baseline] (104.442 ms) : 0, 104442
Profiling [candidate] (102.715 ms) : 0, 102715
```
Startup time reports for insecure-bank
```mermaid
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.003 s) : 0, 1002907
Total [baseline] (8.573 s) : 0, 8572650
Agent [candidate] (1.001 s) : 0, 1001117
Total [candidate] (8.602 s) : 0, 8602042
section iast
Agent [baseline] (1.131 s) : 0, 1130677
Total [baseline] (9.298 s) : 0, 9298275
Agent [candidate] (1.13 s) : 0, 1130439
Total [candidate] (9.252 s) : 0, 9252232
```
Baseline results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.003 s | - |
| Agent | iast | 1.131 s | 127.77 ms (12.7%) |
| Total | tracing | 8.573 s | - |
| Total | iast | 9.298 s | 725.624 ms (8.5%) |

Candidate results:

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.001 s | - |
| Agent | iast | 1.13 s | 129.322 ms (12.9%) |
| Total | tracing | 8.602 s | - |
| Total | iast | 9.252 s | 650.189 ms (7.6%) |
```mermaid
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (692.814 ms) : 0, 692814
BytebuddyAgent [candidate] (691.642 ms) : 0, 691642
GlobalTracer [baseline] (243.401 ms) : 0, 243401
GlobalTracer [candidate] (242.926 ms) : 0, 242926
AppSec [baseline] (30.659 ms) : 0, 30659
AppSec [candidate] (30.573 ms) : 0, 30573
Debugger [baseline] (6.106 ms) : 0, 6106
Debugger [candidate] (6.096 ms) : 0, 6096
Remote Config [baseline] (672.574 µs) : 0, 673
Remote Config [candidate] (685.301 µs) : 0, 685
Telemetry [baseline] (8.29 ms) : 0, 8290
Telemetry [candidate] (8.292 ms) : 0, 8292
section iast
BytebuddyAgent [baseline] (807.284 ms) : 0, 807284
BytebuddyAgent [candidate] (807.903 ms) : 0, 807903
GlobalTracer [baseline] (232.53 ms) : 0, 232530
GlobalTracer [candidate] (232.462 ms) : 0, 232462
IAST [baseline] (27.229 ms) : 0, 27229
IAST [candidate] (26.77 ms) : 0, 26770
AppSec [baseline] (28.558 ms) : 0, 28558
AppSec [candidate] (28.429 ms) : 0, 28429
Debugger [baseline] (5.841 ms) : 0, 5841
Debugger [candidate] (5.741 ms) : 0, 5741
Remote Config [baseline] (584.601 µs) : 0, 585
Remote Config [candidate] (581.697 µs) : 0, 582
Telemetry [baseline] (7.997 ms) : 0, 7997
Telemetry [candidate] (7.883 ms) : 0, 7883
```

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/api-sec-jersey-response-schema |
| git_commit_date | 1751030275 | 1751033791 |
| git_commit_sha | 01ada42 | 0e8d218 |
| release_version | 1.51.0-SNAPSHOT~01ada424eb | 1.51.0-SNAPSHOT~0e8d21806f |

Matching parameters:

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1751035238 | 1751035238 |
| ci_job_id | 1002536580 | 1002536580 |
| ci_pipeline_id | 68994488 | 68994488 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-tcrivaq7-project-304-concurrent-1-ercvkeqe 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-tcrivaq7-project-304-concurrent-1-ercvkeqe 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:petclinic:code_origins:high_load | worse [+1.969ms; +2.809ms] or [+4.532%; +6.466%] | unstable [-13.356op/s; +2.156op/s] or [-12.403%; +2.002%] | 45.831ms | 102.088op/s | 43.442ms | 107.688op/s |
| scenario:load:petclinic:profiling:high_load | better [-2.670ms; -1.662ms] or [-5.451%; -3.392%] | unstable [-2.913op/s; +11.763op/s] or [-3.049%; +12.312%] | 46.820ms | 99.963op/s | 48.986ms | 95.537op/s |
| scenario:load:petclinic:tracing:high_load | better [-2.672ms; -1.873ms] or [-5.912%; -4.144%] | unstable [-2.322op/s; +13.322op/s] or [-2.244%; +12.872%] | 42.927ms | 109.000op/s | 45.200ms | 103.500op/s |
Request duration reports for insecure-bank
```mermaid
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~01ada424eb
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.251 ms) : 4204, 4298
.   : milestone, 4251,
iast (9.341 ms) : 9175, 9506
.   : milestone, 9341,
iast_FULL (13.978 ms) : 13695, 14261
.   : milestone, 13978,
iast_GLOBAL (9.853 ms) : 9683, 10022
.   : milestone, 9853,
profiling (8.698 ms) : 8557, 8839
.   : milestone, 8698,
tracing (7.624 ms) : 7517, 7732
.   : milestone, 7624,
section candidate
no_agent (4.235 ms) : 4183, 4288
.   : milestone, 4235,
iast (9.076 ms) : 8931, 9222
.   : milestone, 9076,
iast_FULL (14.095 ms) : 13813, 14376
.   : milestone, 14095,
iast_GLOBAL (10.11 ms) : 9933, 10287
.   : milestone, 10110,
profiling (8.603 ms) : 8472, 8733
.   : milestone, 8603,
tracing (7.627 ms) : 7510, 7743
.   : milestone, 7627,
```
Baseline results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.251 ms [4.204 ms, 4.298 ms] | - |
| iast | 9.341 ms [9.175 ms, 9.506 ms] | 5.09 ms (119.7%) |
| iast_FULL | 13.978 ms [13.695 ms, 14.261 ms] | 9.727 ms (228.8%) |
| iast_GLOBAL | 9.853 ms [9.683 ms, 10.022 ms] | 5.602 ms (131.8%) |
| profiling | 8.698 ms [8.557 ms, 8.839 ms] | 4.448 ms (104.6%) |
| tracing | 7.624 ms [7.517 ms, 7.732 ms] | 3.374 ms (79.4%) |

Candidate results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 4.235 ms [4.183 ms, 4.288 ms] | - |
| iast | 9.076 ms [8.931 ms, 9.222 ms] | 4.841 ms (114.3%) |
| iast_FULL | 14.095 ms [13.813 ms, 14.376 ms] | 9.859 ms (232.8%) |
| iast_GLOBAL | 10.11 ms [9.933 ms, 10.287 ms] | 5.875 ms (138.7%) |
| profiling | 8.603 ms [8.472 ms, 8.733 ms] | 4.368 ms (103.1%) |
| tracing | 7.627 ms [7.51 ms, 7.743 ms] | 3.391 ms (80.1%) |
Request duration reports for petclinic
```mermaid
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~01ada424eb
    dateFormat X
    axisFormat %s
section baseline
no_agent (37.217 ms) : 36920, 37515
.   : milestone, 37217,
appsec (47.392 ms) : 46971, 47813
.   : milestone, 47392,
code_origins (43.442 ms) : 43072, 43812
.   : milestone, 43442,
iast (44.004 ms) : 43626, 44383
.   : milestone, 44004,
profiling (48.986 ms) : 48550, 49423
.   : milestone, 48986,
tracing (45.2 ms) : 44817, 45582
.   : milestone, 45200,
section candidate
no_agent (38.213 ms) : 37906, 38520
.   : milestone, 38213,
appsec (47.126 ms) : 46705, 47548
.   : milestone, 47126,
code_origins (45.831 ms) : 45421, 46240
.   : milestone, 45831,
iast (44.227 ms) : 43839, 44614
.   : milestone, 44227,
profiling (46.82 ms) : 46322, 47319
.   : milestone, 46820,
tracing (42.927 ms) : 42567, 43286
.   : milestone, 42927,
```
Baseline results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 37.217 ms [36.92 ms, 37.515 ms] | - |
| appsec | 47.392 ms [46.971 ms, 47.813 ms] | 10.175 ms (27.3%) |
| code_origins | 43.442 ms [43.072 ms, 43.812 ms] | 6.224 ms (16.7%) |
| iast | 44.004 ms [43.626 ms, 44.383 ms] | 6.787 ms (18.2%) |
| profiling | 48.986 ms [48.55 ms, 49.423 ms] | 11.769 ms (31.6%) |
| tracing | 45.2 ms [44.817 ms, 45.582 ms] | 7.982 ms (21.4%) |

Candidate results:

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 38.213 ms [37.906 ms, 38.52 ms] | - |
| appsec | 47.126 ms [46.705 ms, 47.548 ms] | 8.913 ms (23.3%) |
| code_origins | 45.831 ms [45.421 ms, 46.24 ms] | 7.617 ms (19.9%) |
| iast | 44.227 ms [43.839 ms, 44.614 ms] | 6.013 ms (15.7%) |
| profiling | 46.82 ms [46.322 ms, 47.319 ms] | 8.607 ms (22.5%) |
| tracing | 42.927 ms [42.567 ms, 43.286 ms] | 4.714 ms (12.3%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/api-sec-jersey-response-schema |
| git_commit_date | 1751033772 | 1751033791 |
| git_commit_sha | 640fc88 | 0e8d218 |
| release_version | 1.51.0-SNAPSHOT~640fc88be4 | 1.51.0-SNAPSHOT~0e8d21806f |

Matching parameters:

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1751035864 | 1751035864 |
| ci_job_id | 1002536581 | 1002536581 |
| ci_pipeline_id | 68994488 | 68994488 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-bpyswchx-project-304-concurrent-0-p3hqdu8x 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-bpyswchx-project-304-concurrent-0-p3hqdu8x 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
```mermaid
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.912 s) : 14912000, 14912000
.   : milestone, 14912000,
appsec (14.573 s) : 14573000, 14573000
.   : milestone, 14573000,
iast (18.56 s) : 18560000, 18560000
.   : milestone, 18560000,
iast_GLOBAL (18.001 s) : 18001000, 18001000
.   : milestone, 18001000,
profiling (15.131 s) : 15131000, 15131000
.   : milestone, 15131000,
tracing (14.83 s) : 14830000, 14830000
.   : milestone, 14830000,
section candidate
no_agent (15.007 s) : 15007000, 15007000
.   : milestone, 15007000,
appsec (14.751 s) : 14751000, 14751000
.   : milestone, 14751000,
iast (17.957 s) : 17957000, 17957000
.   : milestone, 17957000,
iast_GLOBAL (17.853 s) : 17853000, 17853000
.   : milestone, 17853000,
profiling (15.183 s) : 15183000, 15183000
.   : milestone, 15183000,
tracing (15.005 s) : 15005000, 15005000
.   : milestone, 15005000,
```
Baseline results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.912 s [14.912 s, 14.912 s] | - |
| appsec | 14.573 s [14.573 s, 14.573 s] | -339.0 ms (-2.3%) |
| iast | 18.56 s [18.56 s, 18.56 s] | 3.648 s (24.5%) |
| iast_GLOBAL | 18.001 s [18.001 s, 18.001 s] | 3.089 s (20.7%) |
| profiling | 15.131 s [15.131 s, 15.131 s] | 219.0 ms (1.5%) |
| tracing | 14.83 s [14.83 s, 14.83 s] | -82.0 ms (-0.5%) |

Candidate results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.007 s [15.007 s, 15.007 s] | - |
| appsec | 14.751 s [14.751 s, 14.751 s] | -256.0 ms (-1.7%) |
| iast | 17.957 s [17.957 s, 17.957 s] | 2.95 s (19.7%) |
| iast_GLOBAL | 17.853 s [17.853 s, 17.853 s] | 2.846 s (19.0%) |
| profiling | 15.183 s [15.183 s, 15.183 s] | 176.0 ms (1.2%) |
| tracing | 15.005 s [15.005 s, 15.005 s] | -2.0 ms (-0.0%) |
Execution time for tomcat
```mermaid
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.485 ms) : 1473, 1496
.   : milestone, 1485,
appsec (2.42 ms) : 2372, 2469
.   : milestone, 2420,
iast (2.191 ms) : 2130, 2253
.   : milestone, 2191,
iast_GLOBAL (2.241 ms) : 2180, 2303
.   : milestone, 2241,
profiling (2.047 ms) : 1997, 2097
.   : milestone, 2047,
tracing (2.015 ms) : 1967, 2062
.   : milestone, 2015,
section candidate
no_agent (1.485 ms) : 1474, 1497
.   : milestone, 1485,
appsec (2.417 ms) : 2368, 2466
.   : milestone, 2417,
iast (2.203 ms) : 2142, 2265
.   : milestone, 2203,
iast_GLOBAL (2.238 ms) : 2177, 2300
.   : milestone, 2238,
profiling (2.042 ms) : 1993, 2092
.   : milestone, 2042,
tracing (2.023 ms) : 1976, 2071
.   : milestone, 2023,
```
Baseline results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.485 ms [1.473 ms, 1.496 ms] | - |
| appsec | 2.42 ms [2.372 ms, 2.469 ms] | 935.459 µs (63.0%) |
| iast | 2.191 ms [2.13 ms, 2.253 ms] | 706.548 µs (47.6%) |
| iast_GLOBAL | 2.241 ms [2.18 ms, 2.303 ms] | 756.504 µs (50.9%) |
| profiling | 2.047 ms [1.997 ms, 2.097 ms] | 561.749 µs (37.8%) |
| tracing | 2.015 ms [1.967 ms, 2.062 ms] | 530.067 µs (35.7%) |

Candidate results:

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.485 ms [1.474 ms, 1.497 ms] | - |
| appsec | 2.417 ms [2.368 ms, 2.466 ms] | 931.54 µs (62.7%) |
| iast | 2.203 ms [2.142 ms, 2.265 ms] | 717.807 µs (48.3%) |
| iast_GLOBAL | 2.238 ms [2.177 ms, 2.3 ms] | 752.788 µs (50.7%) |
| profiling | 2.042 ms [1.993 ms, 2.092 ms] | 556.999 µs (37.5%) |
| tracing | 2.023 ms [1.976 ms, 2.071 ms] | 538.055 µs (36.2%) |

@jandro996 changed the title from "Extract Jersdey json body response schemas" to "Extract Jersey json body response schemas" on Jun 20, 2025
@manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch 9 times, most recently from ac7c355 to bd96ea3 on June 25, 2025 07:15
Base automatically changed from malvarez/vertx-response-extraction to master on June 25, 2025 08:25
@jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 8e2219c to db61f58 on June 26, 2025 06:30
@jandro996 marked this pull request as ready for review on June 27, 2025 05:42
@jandro996 requested review from a team as code owners on June 27, 2025 05:42
@jandro996 requested a review from dougqh on June 27, 2025 05:42
Review comment on the advice method signature (the reviewer's name is not shown on the page):

```java
@Advice.Argument(4) MediaType mediaType,
@ActiveRequestContext RequestContext reqCtx,
@Advice.Thrown Throwable t) {
if (t != null) {
```

Reviewer (Member):

I think we should be building method enter advices for these cases, so we don't write the response to the output (in case it needs to be blocked).

jandro996 (Member, Author):

ok!
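The point the reviewer is making, as an added illustration that is not code from this PR or from dd-trace-java: on `MessageBodyWriter.writeTo` (argument 0 is the entity, argument 4 the `MediaType`, matching the signature quoted above) an exit advice only sees the entity after it has been streamed to the client, whereas an enter advice can inspect it first and skip `writeTo` entirely when the WAF verdict is to block. Byte Buddy's `Advice` annotations and the `javax.ws.rs` `MediaType` type are real; `ResponseBodyCallback` and `CALLBACK` are hypothetical stand-ins for the tracer's request-context gateway.

```java
import javax.ws.rs.core.MediaType;
import net.bytebuddy.asm.Advice;

/**
 * Added example, not dd-trace-java code. Both advices target
 * MessageBodyWriter.writeTo(entity, type, genericType, annotations, mediaType, headers, stream),
 * so @Advice.Argument(0) is the entity and @Advice.Argument(4) is the MediaType.
 */
public class JerseyResponseAdvices {

  /** Hypothetical hook: hands the entity to schema extraction and reports whether to block. */
  public interface ResponseBodyCallback {
    /** Returns true when the response must be blocked instead of written. */
    boolean onResponseBody(Object entity, MediaType mediaType);
  }

  /** Hypothetical registration point; a real tracer would route this through its gateway. */
  public static volatile ResponseBodyCallback CALLBACK = (entity, mediaType) -> false;

  /** Exit advice: by the time this runs, writeTo has already streamed the entity to the client. */
  public static class ExitAdvice {
    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
    public static void onExit(
        @Advice.Argument(0) Object entity,
        @Advice.Argument(4) MediaType mediaType,
        @Advice.Thrown Throwable t) {
      if (t != null
          || mediaType == null
          || !mediaType.isCompatible(MediaType.APPLICATION_JSON_TYPE)) {
        return;
      }
      // The schema can still be extracted here, but a block verdict arrives too late:
      // the serialized bytes are already in the response stream.
      CALLBACK.onResponseBody(entity, mediaType);
    }
  }

  /** Enter advice: inspects the entity before writeTo runs and skips it when blocking is required. */
  public static class EnterAdvice {
    @Advice.OnMethodEnter(skipOn = Advice.OnNonDefaultValue.class, suppress = Throwable.class)
    public static boolean onEnter(
        @Advice.Argument(0) Object entity,
        @Advice.Argument(4) MediaType mediaType) {
      if (mediaType == null || !mediaType.isCompatible(MediaType.APPLICATION_JSON_TYPE)) {
        return false; // not JSON: let writeTo run normally
      }
      // Returning true makes Byte Buddy skip the instrumented writeTo, so nothing is written
      // to the entity stream; whatever handles the block verdict can then emit its own response.
      return CALLBACK.onResponseBody(entity, mediaType);
    }
  }
}
```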

@jandro996 jandro996 merged commit 46d0949 into master Jun 27, 2025
508 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/api-sec-jersey-response-schema branch June 27, 2025 17:55
@github-actions github-actions bot added this to the 1.51.0 milestone Jun 27, 2025
jandro996 added a commit that referenced this pull request Jul 3, 2025
What Does This Do
Adds smoke test to probe that response body extraction for RestEasy JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF) was covered with the instrumentation done in #9014

Jira ticket: APPSEC-57916
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` |
| [org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/) ([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.17.0` -> `3.18.0` |
| [org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` -> `0.18.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.50.1` -> `1.51.0` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` |

---

### Release Notes

<details>
<summary>google/error-prone (com.google.errorprone:error_prone_annotations)</summary>

### [`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0): Error Prone 2.40.0

Changes:

- Bug fixes and improvements
- Releases (including snapshots) have migrated from [OSSRH to the Central Publisher Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate)

Full changelog: google/error-prone@v2.39.0...v2.40.0

</details>

<details>
<summary>Kotlin/binary-compatibility-validator (org.jetbrains.kotlinx.binary-compatibility-validator)</summary>

### [`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1)

[Compare Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1)

#### What's Changed

- Fixed a bug preventing use of cross-compilation support during KLIB dump validation \[[#304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)]

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0): 1.51.0

### Components

#### Application Security Management (IAST)

- 🐛 Fix verify error when ctor params are used after a call site ([#9083](DataDog/dd-trace-java#9083) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Limit the maximum size of the location path in IAST vulnerabilities ([#9028](DataDog/dd-trace-java#9028) - [@jandro996](https://github.com/jandro996))
- 🐛 Fix IAST gRPC handler with null superclass ([#8984](DataDog/dd-trace-java#8984) - [@smola](https://github.com/smola))
- ✨ Optimize IAST Vulnerability Detection ([#8885](DataDog/dd-trace-java#8885) - [@jandro996](https://github.com/jandro996))

#### Application Security Management (WAF)

- ✨ Upgrade libddwaf-java to 15.0.0 ([#9022](DataDog/dd-trace-java#9022) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Extract RestEasy json body response schemas ([#9015](DataDog/dd-trace-java#9015) - [@jandro996](https://github.com/jandro996))
- ✨ Extract Jersey json body response schemas ([#9014](DataDog/dd-trace-java#9014) - [@jandro996](https://github.com/jandro996))
- ✨ Extract Ratpack json body response schemas ([#9013](DataDog/dd-trace-java#9013) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Enable API Security by default and make it lazy loading ([#9009](DataDog/dd-trace-java#9009) - [@smola](https://github.com/smola))
- ✨ Extract Vert.x json body response schemas ([#9001](DataDog/dd-trace-java#9001) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Play json body response schemas ([#8995](DataDog/dd-trace-java#8995) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- 🐛 Fix Jackson nodes introspection for request/response schema extraction ([#8980](DataDog/dd-trace-java#8980) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Extract Spring json body response schemas ([#8938](DataDog/dd-trace-java#8938) - [@sezen-datadog](https://github.com/sezen-datadog))
- ✨ Default obfuscation regexp update ([#8937](DataDog/dd-trace-java#8937) - [@sezen-datadog](https://github.com/sezen-datadog))

#### Build & Tooling

- ✨ Cancel GitLab running pipeline on new PR push ([#9023](DataDog/dd-trace-java#9023) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨ Migrate publishing to Maven Central Portal ([#8807](DataDog/dd-trace-java#8807) - [@sarahchen6](https://github.com/sarahchen6))

#### Continuous Integration Visibility

- 🐛 Fix Test Optimization to work with JDK 24 ([#9114](DataDog/dd-trace-java#9114) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add repo root as safe directory on git client creation ([#9033](DataDog/dd-trace-java#9033) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Add PR number tag and improve PR information building ([#8990](DataDog/dd-trace-java#8990) - [@daniel-mohedano](https://github.com/daniel-mohedano))
- ✨ Update impacted tests logic ([#8923](DataDog/dd-trace-java#8923) - [@daniel-mohedano](https://github.com/daniel-mohedano))

#### Data Streams Monitoring

- 🧹 Clean up DSM context injection ([#8776](DataDog/dd-trace-java#8776) - [@PerfectSlayer](https://github.com/PerfectSlayer))

#### Database Monitoring

- 🐛 Set trace\_injected in try block ([#9025](DataDog/dd-trace-java#9025) - [@natashadada](https://github.com/natashadada))

#### Dynamic Instrumentation

- 🐛 Add source file tracking enable option ([#9115](DataDog/dd-trace-java#9115) - [@jpbempel](https://github.com/jpbempel))
- ✨ Add java.util.Date support ([#9111](DataDog/dd-trace-java#9111) - [@jpbempel](https://github.com/jpbempel))
- ✨ Update file probe format ([#9047](DataDog/dd-trace-java#9047) - [@jpbempel](https://github.com/jpbempel))
- ✨ add safe local var hoisting ([#9034](DataDog/dd-trace-java#9034) - [@jpbempel](https://github.com/jpbempel))
- 🧹 Add new config for debugger upload interval ([#8959](DataDog/dd-trace-java#8959) - [@jpbempel](https://github.com/jpbempel))
- ✨ Enable Code Origin with Dynamic instrumentation ([#8940](DataDog/dd-trace-java#8940) - [@jpbempel](https://github.com/jpbempel))

#### ML Observability (LLMObs)

- 💡 LLM Observability SDK ([#8781](DataDog/dd-trace-java#8781) - [@gary-huang](https://github.com/gary-huang), [@nayeem-kamal](https://github.com/nayeem-kamal))

#### Metrics

- 🐛 Ensure client stat reporter is started when the agent is not available at bootstrap ([#9082](DataDog/dd-trace-java#9082) - [@amarziali](https://github.com/amarziali))
- ✨ Create metric: appsec.waf.config\_errors ([#8394](DataDog/dd-trace-java#8394) - [@sezen-datadog](https://github.com/sezen-datadog))

#### Platform components

- ✨ Introduce environment component ([#9071](DataDog/dd-trace-java#9071) - [@PerfectSlayer](https://github.com/PerfectSlayer))

#### Profiling

- 🐛 Remove annoying warning for smap event parsing ([#9119](DataDog/dd-trace-java#9119) - [@jbachorik](https://github.com/jbachorik))
- 🐛 Fix ByteCountingInputStream when reading past EOF ([#8988](DataDog/dd-trace-java#8988) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Realtime User Monitoring

- ✨ Add RUM SDK injection for servlet based web servers ([#9110](DataDog/dd-trace-java#9110) - [@PerfectSlayer](https://github.com/PerfectSlayer) [@amarziali](https://github.com/amarziali))

#### Telemetry

- ✨ Update the config origin metric to match what it's mapping ([#9045](DataDog/dd-trace-java#9045) - [@sezen-datadog](https://github.com/sezen-datadog))

#### Testing

- ✨ Add testing for latest stable version (JDK 24) ([#8875](DataDog/dd-trace-java#8875) - [@sarahchen6](https://github.com/sarahchen6))

#### Trace context propagation

- 🐛 Fix bug with dropping baggage when `TracePropagationBehaviorExtract=IGNORE` ([#9037](DataDog/dd-trace-java#9037) - [@mhlidd](https://github.com/mhlidd))
- 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper ([#9032](DataDog/dd-trace-java#9032) - [@mhlidd](https://github.com/mhlidd))

#### Tracer core

- 🐛 Fix `Error` handling for trace interceptors ([#9097](DataDog/dd-trace-java#9097) - [@AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD))
- 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling for Http Response headers ([#9067](DataDog/dd-trace-java#9067) - [@mhlidd](https://github.com/mhlidd))

#### Tracer public API

- 💡 Add LLM Observability SDK ([#8781](DataDog/dd-trace-java#8781) - [@gary-huang](https://github.com/gary-huang))

### Instrumentations

#### Akka instrumentation

- 🐛 Fix NPE in akka-http and pekko-http integrations ([#9019](DataDog/dd-trace-java#9019) - [@mcculls](https://github.com/mcculls))

#### Eclipse Vert.x instrumentation

- ✨ Extract Vert.x json body response schemas ([#9001](DataDog/dd-trace-java#9001) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))
- ✨ Write http.route tag as soon as possible in vert.x ([#8952](DataDog/dd-trace-java#8952) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### JAX-WS instrumentation

- 💡⚠️ Enable jax-ws integration by default ([#9030](DataDog/dd-trace-java#9030) - [@bm1549](https://github.com/bm1549))
- ✨ Extract Jersey json body response schemas ([#9014](DataDog/dd-trace-java#9014) - [@jandro996](https://github.com/jandro996))

#### Mule instrumentation

- 🐛 Propagate grizzly http span in filters if nothing is active ([#9016](DataDog/dd-trace-java#9016) - [@amarziali](https://github.com/amarziali))

#### Play Framework instrumentation

- ✨ Extract Play json body response schemas ([#8995](DataDog/dd-trace-java#8995) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Ratpack instrumentation

- ✨ Extract Ratpack json body response schemas ([#9013](DataDog/dd-trace-java#9013) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez))

#### Spring instrumentation

- ✨ Extract Spring json body response schemas ([#8938](DataDog/dd-trace-java#8938) - [@sezen-datadog](https://github.com/sezen-datadog))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e