
feat(appsec): expose server.io.fs.file_write address for write file operations#11084

Open
jandro996 wants to merge 8 commits into master from alejandro.gonzalez/APPSEC-61874

Conversation

Member

@jandro996 jandro996 commented Apr 13, 2026

What Does This Do

  • Adds server.io.fs.file_write as a new IG address, distinct from the existing server.io.fs.file (reads)
  • FileOutputStream call sites now publish both server.io.fs.file and server.io.fs.file_write via a new fileWritten() event; read call sites (FileInputStream, File, Path) remain on server.io.fs.file only
  • Adds the dog-920-110 Zipslip detection rule (from DataDog/appsec-event-rules#282) which requires both a .zip upload and a path-traversal write

Address behaviour per operation

Operation                            server.io.fs.file       server.io.fs.file_write
Read (FileInputStream, File, Path)   ✓                       –
Write (FileOutputStream)             ✓ (backwards compat)    ✓ (new)

Additional Notes

Write operations continue to publish server.io.fs.file in addition to the new server.io.fs.file_write. This preserves backwards compatibility: existing rules such as rasp-930-100 (LFI exploit, lfi_detector@v2) keep firing for write operations without any rule changes. New rules can use server.io.fs.file_write to target writes specifically.

Contributor Checklist

Jira Ticket: APPSEC-61874
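To make the address semantics in the description concrete, here is an added Python model of the two addresses and of two simplified rules over them. It is not dd-trace-java or appsec-event-rules code: the function names (file_read, file_written, lfi_rule, zipslip_rule, evaluate), the traversal regex and the sample paths and filenames are constructed stand-ins for the real instrumentation call sites and ddwaf operators. What it shows is the behaviour the table above claims: a rule keyed on server.io.fs.file keeps firing for writes, while a rule keyed on server.io.fs.file_write plus a .zip upload only fires for a path-traversal write, never for a read.

```python
# Constructed illustration of the server.io.fs.file / server.io.fs.file_write
# split. Not the project's code: names, regex and sample inputs are assumptions.
import re
from typing import Dict, List

FILE_ADDR = "server.io.fs.file"              # existing address: reads and writes
FILE_WRITE_ADDR = "server.io.fs.file_write"  # new address: writes only

# Stand-in for the path-traversal matching done by the real ddwaf operators:
# a ".." segment delimited by a path separator or by the string boundary.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def file_read(path: str) -> Dict[str, str]:
    """Mirror of a read call site (FileInputStream, File, Path):
    publishes only server.io.fs.file."""
    return {FILE_ADDR: path}


def file_written(path: str) -> Dict[str, str]:
    """Mirror of the new fileWritten() event on FileOutputStream call sites:
    publishes both addresses, so rules on the old address keep firing."""
    return {FILE_ADDR: path, FILE_WRITE_ADDR: path}


def lfi_rule(event: Dict[str, str]) -> bool:
    """Stand-in for an LFI rule keyed on server.io.fs.file.
    Fires for reads and writes alike (backwards-compat behaviour)."""
    path = event.get(FILE_ADDR)
    return path is not None and TRAVERSAL.search(path) is not None


def zipslip_rule(request_filenames: List[str], event: Dict[str, str]) -> bool:
    """Stand-in for a Zip Slip rule: requires a .zip upload in the request
    AND a path-traversal write. Reads never match because they do not
    populate server.io.fs.file_write."""
    has_zip_upload = any(name.lower().endswith(".zip") for name in request_filenames)
    path = event.get(FILE_WRITE_ADDR)
    return has_zip_upload and path is not None and TRAVERSAL.search(path) is not None


def evaluate(request_filenames: List[str], event: Dict[str, str]) -> Dict[str, bool]:
    """Run both rules over one file-system event and report which fired."""
    return {
        "lfi": lfi_rule(event),
        "zipslip": zipslip_rule(request_filenames, event),
    }


if __name__ == "__main__":
    # Constructed sample inputs (file names and paths are made up).
    cases = [
        ("zip upload, traversal write", ["archive.zip"], file_written("../../../tmp/escaped.txt")),
        ("zip upload, traversal read", ["archive.zip"], file_read("../../../etc/passwd")),
        ("image upload, traversal write", ["photo.png"], file_written("../../../tmp/escaped.txt")),
        ("zip upload, benign write", ["archive.zip"], file_written("uploads/safe.txt")),
    ]
    for label, uploads, event in cases:
        print(f"{label:32s} -> {evaluate(uploads, event)}")
```

The read case is the one to look at: it still trips the LFI stand-in through server.io.fs.file, but cannot trip the Zip Slip stand-in, because a read event never carries server.io.fs.file_write. That is the separation the new address buys without breaking rules written against the old one.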

…perations

FileOutputStream call sites now publish server.io.fs.file_write instead of
server.io.fs.file, allowing detection rules to distinguish between read and
write operations. Adds the dog-920-110 Zipslip rule that uses the new address.
@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Apr 13, 2026
The class now handles both read and write file operations so the old
name was misleading. FileIORaspHelper better reflects its responsibility.
…ite on writes

File write events now populate both addresses so that existing rules using
server.io.fs.file continue to fire for write operations, while new rules can
use server.io.fs.file_write to target writes specifically.
- Add FILE_WRITTEN_ID to InstrumentationGateway callback-wrapping switch so
  exceptions in fileWritten() callbacks are properly caught (fixes
  InstrumentationGatewayTest#testThrowableBlocking)
- Change rasp-930-101 smoke test rule from lfi_detector to match_regex
  operator, since lfi_detector only supports server.io.fs.file as
  resource address; match_regex on server.io.fs.file_write with
  path-traversal regex correctly detects ../../../etc/passwd patterns

pr-commenter bot commented Apr 13, 2026

Benchmarks

⚠️ Warning: Baseline build not found for merge-base commit. Comparing against the latest commit on master instead.

Startup

Parameters

Parameter                Baseline                        Candidate
baseline_or_candidate    baseline                        candidate
git_branch               master                          alejandro.gonzalez/APPSEC-61874
git_commit_date          1775834061                      1776082155
git_commit_sha           5ab378f                         26fc058
release_version          1.62.0-SNAPSHOT~5ab378f780      1.62.0-SNAPSHOT~26fc058201

Matching parameters (identical for baseline and candidate):
application       insecure-bank
ci_job_date       1776083826
ci_job_id         1589219852
ci_pipeline_id    107346666
cpu_model         Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version    Linux runner-zfyrx7zua-project-304-concurrent-0-wsr3c2dr 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module            Agent
parent            None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 12 unstable metrics.

Startup time reports for insecure-bank
[Chart: insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values are the Agent/Total durations listed in the baseline and candidate tables below.]
  • baseline results
    Module   Variant   Duration   Δ tracing
    Agent    tracing   1.058 s    -
    Agent    iast      1.224 s    166.513 ms (15.7%)
    Total    tracing   8.837 s    -
    Total    iast      9.563 s    725.187 ms (8.2%)
  • candidate results
    Module   Variant   Duration   Δ tracing
    Agent    tracing   1.056 s    -
    Agent    iast      1.223 s    167.372 ms (15.9%)
    Total    tracing   8.842 s    -
    Total    iast      9.542 s    699.464 ms (7.9%)
Break down per module (insecure-bank): candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780

  • tracing
    Module           Baseline      Candidate
    crashtracking    1.233 ms      1.244 ms
    BytebuddyAgent   632.353 ms    631.732 ms
    AgentMeter       29.333 ms     29.38 ms
    GlobalTracer     248.728 ms    248.45 ms
    AppSec           32.106 ms     32.332 ms
    Debugger         59.236 ms     58.933 ms
    Remote Config    603.363 µs    590.028 µs
    Telemetry        8.057 ms      8.007 ms
    Flare Poller     9.896 ms      8.885 ms
  • iast
    Module           Baseline      Candidate
    crashtracking    1.232 ms      1.228 ms
    BytebuddyAgent   801.484 ms    802.003 ms
    AgentMeter       11.362 ms     11.379 ms
    GlobalTracer     239.453 ms    238.431 ms
    IAST             25.868 ms     25.838 ms
    AppSec           30.416 ms     31.122 ms
    Debugger         60.745 ms     60.575 ms
    Remote Config    1.152 ms      1.081 ms
    Telemetry        12.458 ms     11.739 ms
    Flare Poller     3.674 ms      3.446 ms
Startup time reports for petclinic
[Chart: petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values are the Agent/Total durations listed in the baseline and candidate tables below.]
  • baseline results
    Module   Variant     Duration   Δ tracing
    Agent    tracing     1.057 s    -
    Agent    appsec      1.244 s    187.023 ms (17.7%)
    Agent    iast        1.224 s    167.555 ms (15.9%)
    Agent    profiling   1.185 s    128.357 ms (12.1%)
    Total    tracing     11.089 s   -
    Total    appsec      11.162 s   73.024 ms (0.7%)
    Total    iast        11.279 s   190.38 ms (1.7%)
    Total    profiling   11.169 s   79.895 ms (0.7%)
  • candidate results
    Module   Variant     Duration   Δ tracing
    Agent    tracing     1.055 s    -
    Agent    appsec      1.255 s    199.712 ms (18.9%)
    Agent    iast        1.224 s    168.843 ms (16.0%)
    Agent    profiling   1.181 s    126.038 ms (11.9%)
    Total    tracing     11.128 s   -
    Total    appsec      11.115 s   -12.325 ms (-0.1%)
    Total    iast        11.303 s   175.628 ms (1.6%)
    Total    profiling   11.153 s   25.567 ms (0.2%)
Break down per module (petclinic): candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780

  • tracing
    Module           Baseline      Candidate
    crashtracking    1.225 ms      1.216 ms
    BytebuddyAgent   631.903 ms    630.812 ms
    AgentMeter       29.336 ms     29.341 ms
    GlobalTracer     248.816 ms    249.443 ms
    AppSec           31.925 ms     32.47 ms
    Debugger         59.807 ms     60.191 ms
    Remote Config    598.485 µs    617.226 µs
    Telemetry        8.048 ms      8.116 ms
    Flare Poller     9.077 ms      6.702 ms
  • appsec
    Module           Baseline      Candidate
    crashtracking    1.214 ms      1.242 ms
    BytebuddyAgent   659.386 ms    665.626 ms
    AgentMeter       11.981 ms     12.145 ms
    GlobalTracer     248.526 ms    250.127 ms
    AppSec           183.854 ms    185.313 ms
    Debugger         65.556 ms     66.352 ms
    Remote Config    614.772 µs    603.621 µs
    Telemetry        8.569 ms      8.484 ms
    Flare Poller     3.515 ms      3.54 ms
    IAST             24.449 ms     24.702 ms
  • iast
    Module           Baseline      Candidate
    crashtracking    1.226 ms      1.241 ms
    BytebuddyAgent   799.722 ms    800.193 ms
    AgentMeter       11.448 ms     11.415 ms
    GlobalTracer     240.456 ms    239.207 ms
    AppSec           31.884 ms     30.561 ms
    Debugger         61.339 ms     62.305 ms
    Remote Config    548.713 µs    1.095 ms
    Telemetry        11.904 ms     12.384 ms
    Flare Poller     3.435 ms      3.471 ms
    IAST             25.942 ms     25.822 ms
  • profiling
    Module           Baseline      Candidate
    ProfilingAgent   95.14 ms      93.89 ms
    crashtracking    1.171 ms      1.173 ms
    BytebuddyAgent   691.119 ms    688.78 ms
    AgentMeter       9.067 ms      9.139 ms
    GlobalTracer     207.046 ms    206.563 ms
    AppSec           32.577 ms     32.782 ms
    Debugger         65.863 ms     65.541 ms
    Remote Config    573.592 µs    581.568 µs
    Telemetry        7.839 ms      7.84 ms
    Flare Poller     3.554 ms      3.599 ms
    Profiling        95.728 ms     94.456 ms

Load

Parameters

Parameter                Baseline                        Candidate
baseline_or_candidate    baseline                        candidate
git_branch               master                          alejandro.gonzalez/APPSEC-61874
git_commit_date          1775834061                      1776082155
git_commit_sha           5ab378f                         26fc058
release_version          1.62.0-SNAPSHOT~5ab378f780      1.62.0-SNAPSHOT~26fc058201

Matching parameters (identical for baseline and candidate):
application       insecure-bank
ci_job_date       1776084394
ci_job_id         1589219853
ci_pipeline_id    107346666
cpu_model         Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version    Linux runner-zfyrx7zua-project-304-concurrent-1-h7nl0fcb 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 18 metrics, 17 unstable metrics.

Scenario: load:petclinic:profiling:high_load (worse)

    Metric                      Verdict    Δ mean                                               Candidate mean   Baseline mean
    agg_http_req_duration_p50   worse      [+1.031ms; +1.976ms] or [+5.783%; +11.078%]          19.340ms         17.836ms
    agg_http_req_duration_p95   unsure     [+0.439ms; +1.909ms] or [+1.495%; +6.497%]           30.549ms         29.375ms
    throughput                  unstable   [-45.744op/s; +13.494op/s] or [-17.895%; +5.279%]    239.500op/s      255.625op/s
Request duration reports for insecure-bank
[Chart: insecure-bank - request duration [CI 0.99]: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values and confidence intervals are listed in the baseline and candidate tables below.]
  • baseline results
    Variant       Request duration [CI 0.99]        Δ no_agent
    no_agent      1.233 ms [1.221 ms, 1.245 ms]     -
    iast          3.319 ms [3.274 ms, 3.363 ms]     2.086 ms (169.2%)
    iast_FULL     6.154 ms [6.09 ms, 6.218 ms]      4.921 ms (399.2%)
    iast_GLOBAL   3.665 ms [3.608 ms, 3.722 ms]     2.432 ms (197.2%)
    profiling     2.262 ms [2.24 ms, 2.285 ms]      1.029 ms (83.5%)
    tracing       1.866 ms [1.851 ms, 1.882 ms]     633.455 µs (51.4%)
  • candidate results
    Variant       Request duration [CI 0.99]        Δ no_agent
    no_agent      1.231 ms [1.22 ms, 1.243 ms]      -
    iast          3.418 ms [3.368 ms, 3.467 ms]     2.186 ms (177.5%)
    iast_FULL     6.076 ms [6.014 ms, 6.138 ms]     4.845 ms (393.4%)
    iast_GLOBAL   3.658 ms [3.596 ms, 3.72 ms]      2.427 ms (197.1%)
    profiling     2.374 ms [2.352 ms, 2.397 ms]     1.143 ms (92.8%)
    tracing       1.846 ms [1.831 ms, 1.861 ms]     614.514 µs (49.9%)
Request duration reports for petclinic
[Chart: petclinic - request duration [CI 0.99]: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values and confidence intervals are listed in the baseline and candidate tables below.]
  • baseline results
    Variant        Request duration [CI 0.99]           Δ no_agent
    no_agent       19.587 ms [19.386 ms, 19.788 ms]     -
    appsec         18.788 ms [18.599 ms, 18.976 ms]     -799.042 µs (-4.1%)
    code_origins   18.152 ms [17.972 ms, 18.333 ms]     -1.434 ms (-7.3%)
    iast           18.322 ms [18.14 ms, 18.503 ms]      -1.265 ms (-6.5%)
    profiling      18.252 ms [18.071 ms, 18.433 ms]     -1.335 ms (-6.8%)
    tracing        18.195 ms [18.015 ms, 18.375 ms]     -1.392 ms (-7.1%)
  • candidate results
    Variant        Request duration [CI 0.99]           Δ no_agent
    no_agent       19.378 ms [19.179 ms, 19.576 ms]     -
    appsec         18.813 ms [18.626 ms, 19.0 ms]       -564.59 µs (-2.9%)
    code_origins   18.16 ms [17.983 ms, 18.336 ms]      -1.218 ms (-6.3%)
    iast           18.368 ms [18.183 ms, 18.553 ms]     -1.009 ms (-5.2%)
    profiling      19.489 ms [19.292 ms, 19.685 ms]     110.901 µs (0.6%)
    tracing        17.859 ms [17.684 ms, 18.034 ms]     -1.519 ms (-7.8%)

Dacapo

Parameters

Parameter                Baseline                        Candidate
baseline_or_candidate    baseline                        candidate
git_branch               master                          alejandro.gonzalez/APPSEC-61874
git_commit_date          1775834061                      1776082155
git_commit_sha           5ab378f                         26fc058
release_version          1.62.0-SNAPSHOT~5ab378f780      1.62.0-SNAPSHOT~26fc058201

Matching parameters (identical for baseline and candidate):
application       biojava
ci_job_date       1776084074
ci_job_id         1589219854
ci_pipeline_id    107346666
cpu_model         Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version    Linux runner-zfyrx7zua-project-304-concurrent-2-z4pfa6wd 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat
[Chart: tomcat - execution time [CI 0.99]: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values and confidence intervals are listed in the baseline and candidate tables below.]
  • baseline results
    Variant       Execution Time [CI 0.99]          Δ no_agent
    no_agent      1.494 ms [1.483 ms, 1.506 ms]     -
    appsec        3.834 ms [3.609 ms, 4.058 ms]     2.339 ms (156.5%)
    iast          2.299 ms [2.229 ms, 2.368 ms]     804.2 µs (53.8%)
    iast_GLOBAL   2.34 ms [2.27 ms, 2.41 ms]        845.457 µs (56.6%)
    profiling     2.112 ms [2.056 ms, 2.167 ms]     617.473 µs (41.3%)
    tracing       2.1 ms [2.047 ms, 2.154 ms]       606.041 µs (40.6%)
  • candidate results
    Variant       Execution Time [CI 0.99]          Δ no_agent
    no_agent      1.497 ms [1.485 ms, 1.509 ms]     -
    appsec        3.867 ms [3.643 ms, 4.09 ms]      2.37 ms (158.3%)
    iast          2.285 ms [2.215 ms, 2.354 ms]     787.718 µs (52.6%)
    iast_GLOBAL   2.33 ms [2.26 ms, 2.4 ms]         832.721 µs (55.6%)
    profiling     2.111 ms [2.056 ms, 2.166 ms]     613.945 µs (41.0%)
    tracing       2.095 ms [2.041 ms, 2.149 ms]     598.156 µs (40.0%)
Execution time for biojava
[Chart: biojava - execution time [CI 0.99]: candidate=1.62.0-SNAPSHOT~26fc058201, baseline=1.62.0-SNAPSHOT~5ab378f780. The plotted values are listed in the baseline and candidate tables below; each variant was measured once, so the intervals collapse to the point value.]
  • baseline results
    Variant       Execution Time [CI 0.99]          Δ no_agent
    no_agent      15.363 s [15.363 s, 15.363 s]     -
    appsec        14.465 s [14.465 s, 14.465 s]     -898.0 ms (-5.8%)
    iast          18.666 s [18.666 s, 18.666 s]     3.303 s (21.5%)
    iast_GLOBAL   18.001 s [18.001 s, 18.001 s]     2.638 s (17.2%)
    profiling     14.883 s [14.883 s, 14.883 s]     -480.0 ms (-3.1%)
    tracing       14.726 s [14.726 s, 14.726 s]     -637.0 ms (-4.1%)
  • candidate results
    Variant       Execution Time [CI 0.99]          Δ no_agent
    no_agent      15.617 s [15.617 s, 15.617 s]     -
    appsec        14.542 s [14.542 s, 14.542 s]     -1.075 s (-6.9%)
    iast          18.722 s [18.722 s, 18.722 s]     3.105 s (19.9%)
    iast_GLOBAL   17.87 s [17.87 s, 17.87 s]        2.253 s (14.4%)
    profiling     15.131 s [15.131 s, 15.131 s]     -486.0 ms (-3.1%)
    tracing       15.026 s [15.026 s, 15.026 s]     -591.0 ms (-3.8%)

…rule

match_regex is a WAF operator not evaluated in RASP ephemeral mode.
Switch rasp-930-101 back to lfi_detector with server.io.fs.file_write
as resource — lfi_detector is a RASP operator that works in ephemeral
mode and accepts any string address as the file path resource.
server.io.fs.file_write is a new address not yet registered in the ddwaf
binary as a RASP ephemeral address, so WAF rules using it as a trigger
are not evaluated in RASP mode. The smoke test now verifies that
FileOutputStream write operations are intercepted and blocked by RASP via
the backwards-compat server.io.fs.file address (rasp-930-100), which is
the correct behaviour given the current ddwaf version.
@jandro996 jandro996 marked this pull request as ready for review April 13, 2026 13:15
@jandro996 jandro996 requested review from a team as code owners April 13, 2026 13:15