Skip to content

Extract Jersey json body response schemas #9014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jun 27, 2025
Merged

Extract Jersey json body response schemas #9014

merged 10 commits into from
Jun 27, 2025

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented Jun 20, 2025
edited by atlassian bot
Loading

What Does This Do

Adds response body extraction for Jersey JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF).

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57909
@jandro996 jandro996 added type: enhancement Enhancements and improvements inst: jax-ws JAX-WS instrumentation comp: asm waf Application Security Management (WAF) labels Jun 20, 2025
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 3c78ad2 to 2aeb457 Compare June 20, 2025 07:14
@pr-commenter
Copy link

pr-commenter bot commented Jun 20, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1751033772 1751033791
git_commit_sha 640fc88 0e8d218
release_version 1.51.0-SNAPSHOT~640fc88be4 1.51.0-SNAPSHOT~0e8d21806f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751035631 1751035631
ci_job_id 1002536579 1002536579
ci_pipeline_id 68994488 68994488
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-tcrivaq7-project-304-concurrent-0-3pafubkf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-tcrivaq7-project-304-concurrent-0-3pafubkf 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 8 unstable metrics.

Startup time reports for petclinic 
gantt title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section tracing Agent [baseline] (995.097 ms) : 0, 995097 Total [baseline] (10.536 s) : 0, 10535691 Agent [candidate] (995.476 ms) : 0, 995476 Total [candidate] (10.565 s) : 0, 10564912 section appsec Agent [baseline] (1.174 s) : 0, 1173561 Total [baseline] (10.707 s) : 0, 10707093 Agent [candidate] (1.174 s) : 0, 1173734 Total [candidate] (10.756 s) : 0, 10755575 section iast Agent [baseline] (1.131 s) : 0, 1130578 Total [baseline] (10.803 s) : 0, 10802810 Agent [candidate] (1.145 s) : 0, 1145143 Total [candidate] (10.882 s) : 0, 10882481 section profiling Agent [baseline] (1.253 s) : 0, 1252705 Total [baseline] (10.921 s) : 0, 10920633 Agent [candidate] (1.243 s) : 0, 1242878 Total [candidate] (10.944 s) : 0, 10944177
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 995.097 ms -
Agent appsec 1.174 s 178.464 ms (17.9%)
Agent iast 1.131 s 135.481 ms (13.6%)
Agent profiling 1.253 s 257.608 ms (25.9%)
Total tracing 10.536 s -
Total appsec 10.707 s 171.402 ms (1.6%)
Total iast 10.803 s 267.119 ms (2.5%)
Total profiling 10.921 s 384.941 ms (3.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 995.476 ms -
Agent appsec 1.174 s 178.259 ms (17.9%)
Agent iast 1.145 s 149.668 ms (15.0%)
Agent profiling 1.243 s 247.403 ms (24.9%)
Total tracing 10.565 s -
Total appsec 10.756 s 190.664 ms (1.8%)
Total iast 10.882 s 317.569 ms (3.0%)
Total profiling 10.944 s 379.265 ms (3.6%) 
gantt title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (686.756 ms) : 0, 686756 BytebuddyAgent [candidate] (687.215 ms) : 0, 687215 GlobalTracer [baseline] (242.319 ms) : 0, 242319 GlobalTracer [candidate] (242.445 ms) : 0, 242445 AppSec [baseline] (30.297 ms) : 0, 30297 AppSec [candidate] (30.173 ms) : 0, 30173 Debugger [baseline] (6.063 ms) : 0, 6063 Debugger [candidate] (6.0 ms) : 0, 6000 Remote Config [baseline] (670.375 µs) : 0, 670 Remote Config [candidate] (676.51 µs) : 0, 677 Telemetry [baseline] (8.227 ms) : 0, 8227 Telemetry [candidate] (8.197 ms) : 0, 8197 section appsec BytebuddyAgent [baseline] (710.17 ms) : 0, 710170 BytebuddyAgent [candidate] (709.853 ms) : 0, 709853 GlobalTracer [baseline] (235.21 ms) : 0, 235210 GlobalTracer [candidate] (235.364 ms) : 0, 235364 IAST [baseline] (21.953 ms) : 0, 21953 IAST [candidate] (21.91 ms) : 0, 21910 AppSec [baseline] (170.931 ms) : 0, 170931 AppSec [candidate] (171.199 ms) : 0, 171199 Debugger [baseline] (5.792 ms) : 0, 5792 Debugger [candidate] (5.816 ms) : 0, 5816 Remote Config [baseline] (626.301 µs) : 0, 626 Remote Config [candidate] (608.401 µs) : 0, 608 Telemetry [baseline] (8.112 ms) : 0, 8112 Telemetry [candidate] (8.178 ms) : 0, 8178 section iast BytebuddyAgent [baseline] (808.221 ms) : 0, 808221 BytebuddyAgent [candidate] (818.794 ms) : 0, 818794 GlobalTracer [baseline] (232.416 ms) : 0, 232416 GlobalTracer [candidate] (234.516 ms) : 0, 234516 IAST [baseline] (27.581 ms) : 0, 27581 IAST [candidate] (28.209 ms) : 0, 28209 AppSec [baseline] (27.451 ms) : 0, 27451 AppSec [candidate] (28.176 ms) : 0, 28176 Debugger [baseline] (5.789 ms) : 0, 5789 Debugger [candidate] (5.895 ms) : 0, 5895 Remote Config [baseline] (574.128 µs) : 0, 574 Remote Config [candidate] (586.982 µs) : 0, 587 Telemetry [baseline] (7.904 ms) : 0, 7904 Telemetry [candidate] (8.038 ms) : 0, 8038 section profiling BytebuddyAgent [baseline] (683.217 ms) : 0, 683217 BytebuddyAgent [candidate] (678.146 ms) : 0, 678146 GlobalTracer [baseline] (362.818 ms) : 0, 362818 GlobalTracer [candidate] (360.624 ms) : 0, 360624 AppSec [baseline] (34.017 ms) : 0, 34017 AppSec [candidate] (32.961 ms) : 0, 32961 Debugger [baseline] (6.951 ms) : 0, 6951 Debugger [candidate] (11.18 ms) : 0, 11180 Remote Config [baseline] (676.497 µs) : 0, 676 Remote Config [candidate] (661.248 µs) : 0, 661 Telemetry [baseline] (10.998 ms) : 0, 10998 Telemetry [candidate] (8.005 ms) : 0, 8005 ProfilingAgent [baseline] (104.417 ms) : 0, 104417 ProfilingAgent [candidate] (102.691 ms) : 0, 102691 Profiling [baseline] (104.442 ms) : 0, 104442 Profiling [candidate] (102.715 ms) : 0, 102715
Loading
Startup time reports for insecure-bank 
gantt title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section tracing Agent [baseline] (1.003 s) : 0, 1002907 Total [baseline] (8.573 s) : 0, 8572650 Agent [candidate] (1.001 s) : 0, 1001117 Total [candidate] (8.602 s) : 0, 8602042 section iast Agent [baseline] (1.131 s) : 0, 1130677 Total [baseline] (9.298 s) : 0, 9298275 Agent [candidate] (1.13 s) : 0, 1130439 Total [candidate] (9.252 s) : 0, 9252232
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.003 s -
Agent iast 1.131 s 127.77 ms (12.7%)
Total tracing 8.573 s -
Total iast 9.298 s 725.624 ms (8.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.001 s -
Agent iast 1.13 s 129.322 ms (12.9%)
Total tracing 8.602 s -
Total iast 9.252 s 650.189 ms (7.6%) 
gantt title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (692.814 ms) : 0, 692814 BytebuddyAgent [candidate] (691.642 ms) : 0, 691642 GlobalTracer [baseline] (243.401 ms) : 0, 243401 GlobalTracer [candidate] (242.926 ms) : 0, 242926 AppSec [baseline] (30.659 ms) : 0, 30659 AppSec [candidate] (30.573 ms) : 0, 30573 Debugger [baseline] (6.106 ms) : 0, 6106 Debugger [candidate] (6.096 ms) : 0, 6096 Remote Config [baseline] (672.574 µs) : 0, 673 Remote Config [candidate] (685.301 µs) : 0, 685 Telemetry [baseline] (8.29 ms) : 0, 8290 Telemetry [candidate] (8.292 ms) : 0, 8292 section iast BytebuddyAgent [baseline] (807.284 ms) : 0, 807284 BytebuddyAgent [candidate] (807.903 ms) : 0, 807903 GlobalTracer [baseline] (232.53 ms) : 0, 232530 GlobalTracer [candidate] (232.462 ms) : 0, 232462 IAST [baseline] (27.229 ms) : 0, 27229 IAST [candidate] (26.77 ms) : 0, 26770 AppSec [baseline] (28.558 ms) : 0, 28558 AppSec [candidate] (28.429 ms) : 0, 28429 Debugger [baseline] (5.841 ms) : 0, 5841 Debugger [candidate] (5.741 ms) : 0, 5741 Remote Config [baseline] (584.601 µs) : 0, 585 Remote Config [candidate] (581.697 µs) : 0, 582 Telemetry [baseline] (7.997 ms) : 0, 7997 Telemetry [candidate] (7.883 ms) : 0, 7883
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1751030275 1751033791
git_commit_sha 01ada42 0e8d218
release_version 1.51.0-SNAPSHOT~01ada424eb 1.51.0-SNAPSHOT~0e8d21806f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751035238 1751035238
ci_job_id 1002536580 1002536580
ci_pipeline_id 68994488 68994488
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-tcrivaq7-project-304-concurrent-1-ercvkeqe 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-tcrivaq7-project-304-concurrent-1-ercvkeqe 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:petclinic:code_origins:high_load worse
[+1.969ms; +2.809ms] or [+4.532%; +6.466%]		 unstable
[-13.356op/s; +2.156op/s] or [-12.403%; +2.002%]		 45.831ms 102.088op/s 43.442ms 107.688op/s
scenario:load:petclinic:profiling:high_load better
[-2.670ms; -1.662ms] or [-5.451%; -3.392%]		 unstable
[-2.913op/s; +11.763op/s] or [-3.049%; +12.312%]		 46.820ms 99.963op/s 48.986ms 95.537op/s
scenario:load:petclinic:tracing:high_load better
[-2.672ms; -1.873ms] or [-5.912%; -4.144%]		 unstable
[-2.322op/s; +13.322op/s] or [-2.244%; +12.872%]		 42.927ms 109.000op/s 45.200ms 103.500op/s
Request duration reports for insecure-bank 
gantt title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~01ada424eb dateFormat X axisFormat %s section baseline no_agent (4.251 ms) : 4204, 4298 . : milestone, 4251, iast (9.341 ms) : 9175, 9506 . : milestone, 9341, iast_FULL (13.978 ms) : 13695, 14261 . : milestone, 13978, iast_GLOBAL (9.853 ms) : 9683, 10022 . : milestone, 9853, profiling (8.698 ms) : 8557, 8839 . : milestone, 8698, tracing (7.624 ms) : 7517, 7732 . : milestone, 7624, section candidate no_agent (4.235 ms) : 4183, 4288 . : milestone, 4235, iast (9.076 ms) : 8931, 9222 . : milestone, 9076, iast_FULL (14.095 ms) : 13813, 14376 . : milestone, 14095, iast_GLOBAL (10.11 ms) : 9933, 10287 . : milestone, 10110, profiling (8.603 ms) : 8472, 8733 . : milestone, 8603, tracing (7.627 ms) : 7510, 7743 . : milestone, 7627,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.251 ms [4.204 ms, 4.298 ms] -
iast 9.341 ms [9.175 ms, 9.506 ms] 5.09 ms (119.7%)
iast_FULL 13.978 ms [13.695 ms, 14.261 ms] 9.727 ms (228.8%)
iast_GLOBAL 9.853 ms [9.683 ms, 10.022 ms] 5.602 ms (131.8%)
profiling 8.698 ms [8.557 ms, 8.839 ms] 4.448 ms (104.6%)
tracing 7.624 ms [7.517 ms, 7.732 ms] 3.374 ms (79.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.235 ms [4.183 ms, 4.288 ms] -
iast 9.076 ms [8.931 ms, 9.222 ms] 4.841 ms (114.3%)
iast_FULL 14.095 ms [13.813 ms, 14.376 ms] 9.859 ms (232.8%)
iast_GLOBAL 10.11 ms [9.933 ms, 10.287 ms] 5.875 ms (138.7%)
profiling 8.603 ms [8.472 ms, 8.733 ms] 4.368 ms (103.1%)
tracing 7.627 ms [7.51 ms, 7.743 ms] 3.391 ms (80.1%)
Request duration reports for petclinic 
gantt title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~01ada424eb dateFormat X axisFormat %s section baseline no_agent (37.217 ms) : 36920, 37515 . : milestone, 37217, appsec (47.392 ms) : 46971, 47813 . : milestone, 47392, code_origins (43.442 ms) : 43072, 43812 . : milestone, 43442, iast (44.004 ms) : 43626, 44383 . : milestone, 44004, profiling (48.986 ms) : 48550, 49423 . : milestone, 48986, tracing (45.2 ms) : 44817, 45582 . : milestone, 45200, section candidate no_agent (38.213 ms) : 37906, 38520 . : milestone, 38213, appsec (47.126 ms) : 46705, 47548 . : milestone, 47126, code_origins (45.831 ms) : 45421, 46240 . : milestone, 45831, iast (44.227 ms) : 43839, 44614 . : milestone, 44227, profiling (46.82 ms) : 46322, 47319 . : milestone, 46820, tracing (42.927 ms) : 42567, 43286 . : milestone, 42927,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.217 ms [36.92 ms, 37.515 ms] -
appsec 47.392 ms [46.971 ms, 47.813 ms] 10.175 ms (27.3%)
code_origins 43.442 ms [43.072 ms, 43.812 ms] 6.224 ms (16.7%)
iast 44.004 ms [43.626 ms, 44.383 ms] 6.787 ms (18.2%)
profiling 48.986 ms [48.55 ms, 49.423 ms] 11.769 ms (31.6%)
tracing 45.2 ms [44.817 ms, 45.582 ms] 7.982 ms (21.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.213 ms [37.906 ms, 38.52 ms] -
appsec 47.126 ms [46.705 ms, 47.548 ms] 8.913 ms (23.3%)
code_origins 45.831 ms [45.421 ms, 46.24 ms] 7.617 ms (19.9%)
iast 44.227 ms [43.839 ms, 44.614 ms] 6.013 ms (15.7%)
profiling 46.82 ms [46.322 ms, 47.319 ms] 8.607 ms (22.5%)
tracing 42.927 ms [42.567 ms, 43.286 ms] 4.714 ms (12.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1751033772 1751033791
git_commit_sha 640fc88 0e8d218
release_version 1.51.0-SNAPSHOT~640fc88be4 1.51.0-SNAPSHOT~0e8d21806f
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1751035864 1751035864
ci_job_id 1002536581 1002536581
ci_pipeline_id 68994488 68994488
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-bpyswchx-project-304-concurrent-0-p3hqdu8x 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-bpyswchx-project-304-concurrent-0-p3hqdu8x 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section baseline no_agent (14.912 s) : 14912000, 14912000 . : milestone, 14912000, appsec (14.573 s) : 14573000, 14573000 . : milestone, 14573000, iast (18.56 s) : 18560000, 18560000 . : milestone, 18560000, iast_GLOBAL (18.001 s) : 18001000, 18001000 . : milestone, 18001000, profiling (15.131 s) : 15131000, 15131000 . : milestone, 15131000, tracing (14.83 s) : 14830000, 14830000 . : milestone, 14830000, section candidate no_agent (15.007 s) : 15007000, 15007000 . : milestone, 15007000, appsec (14.751 s) : 14751000, 14751000 . : milestone, 14751000, iast (17.957 s) : 17957000, 17957000 . : milestone, 17957000, iast_GLOBAL (17.853 s) : 17853000, 17853000 . : milestone, 17853000, profiling (15.183 s) : 15183000, 15183000 . : milestone, 15183000, tracing (15.005 s) : 15005000, 15005000 . : milestone, 15005000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.912 s [14.912 s, 14.912 s] -
appsec 14.573 s [14.573 s, 14.573 s] -339.0 ms (-2.3%)
iast 18.56 s [18.56 s, 18.56 s] 3.648 s (24.5%)
iast_GLOBAL 18.001 s [18.001 s, 18.001 s] 3.089 s (20.7%)
profiling 15.131 s [15.131 s, 15.131 s] 219.0 ms (1.5%)
tracing 14.83 s [14.83 s, 14.83 s] -82.0 ms (-0.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.007 s [15.007 s, 15.007 s] -
appsec 14.751 s [14.751 s, 14.751 s] -256.0 ms (-1.7%)
iast 17.957 s [17.957 s, 17.957 s] 2.95 s (19.7%)
iast_GLOBAL 17.853 s [17.853 s, 17.853 s] 2.846 s (19.0%)
profiling 15.183 s [15.183 s, 15.183 s] 176.0 ms (1.2%)
tracing 15.005 s [15.005 s, 15.005 s] -2.0 ms (-0.0%)
Execution time for tomcat 
gantt title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~0e8d21806f, baseline=1.51.0-SNAPSHOT~640fc88be4 dateFormat X axisFormat %s section baseline no_agent (1.485 ms) : 1473, 1496 . : milestone, 1485, appsec (2.42 ms) : 2372, 2469 . : milestone, 2420, iast (2.191 ms) : 2130, 2253 . : milestone, 2191, iast_GLOBAL (2.241 ms) : 2180, 2303 . : milestone, 2241, profiling (2.047 ms) : 1997, 2097 . : milestone, 2047, tracing (2.015 ms) : 1967, 2062 . : milestone, 2015, section candidate no_agent (1.485 ms) : 1474, 1497 . : milestone, 1485, appsec (2.417 ms) : 2368, 2466 . : milestone, 2417, iast (2.203 ms) : 2142, 2265 . : milestone, 2203, iast_GLOBAL (2.238 ms) : 2177, 2300 . : milestone, 2238, profiling (2.042 ms) : 1993, 2092 . : milestone, 2042, tracing (2.023 ms) : 1976, 2071 . : milestone, 2023,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.485 ms [1.473 ms, 1.496 ms] -
appsec 2.42 ms [2.372 ms, 2.469 ms] 935.459 µs (63.0%)
iast 2.191 ms [2.13 ms, 2.253 ms] 706.548 µs (47.6%)
iast_GLOBAL 2.241 ms [2.18 ms, 2.303 ms] 756.504 µs (50.9%)
profiling 2.047 ms [1.997 ms, 2.097 ms] 561.749 µs (37.8%)
tracing 2.015 ms [1.967 ms, 2.062 ms] 530.067 µs (35.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.485 ms [1.474 ms, 1.497 ms] -
appsec 2.417 ms [2.368 ms, 2.466 ms] 931.54 µs (62.7%)
iast 2.203 ms [2.142 ms, 2.265 ms] 717.807 µs (48.3%)
iast_GLOBAL 2.238 ms [2.177 ms, 2.3 ms] 752.788 µs (50.7%)
profiling 2.042 ms [1.993 ms, 2.092 ms] 556.999 µs (37.5%)
tracing 2.023 ms [1.976 ms, 2.071 ms] 538.055 µs (36.2%)
@jandro996 jandro996 changed the title Extract Jersdey json body response schemas Extract Jersey json body response schemas Jun 20, 2025
@jandro996 jandro996 mentioned this pull request Jun 20, 2025
Merged
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch 9 times, most recently from ac7c355 to bd96ea3 Compare June 25, 2025 07:15
Base automatically changed from malvarez/vertx-response-extraction to master June 25, 2025 08:25
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 8e2219c to db61f58 Compare June 26, 2025 06:30
@jandro996 jandro996 marked this pull request as ready for review June 27, 2025 05:42
@jandro996 jandro996 requested review from a team as code owners June 27, 2025 05:42
@jandro996 jandro996 requested a review from dougqh June 27, 2025 05:42
manuel-alvarez-alvarez
manuel-alvarez-alvarez reviewed Jun 27, 2025
View reviewed changes
...3/src/main/java/datadog/trace/instrumentation/jakarta3/MessageBodyWriterInstrumentation.java Outdated
@Advice.Argument(4) MediaType mediaType,
@ActiveRequestContext RequestContext reqCtx,
@Advice.Thrown Throwable t) {
if (t != null) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should be building method enter advices this cases, so we don´t write the response to the output (in case it needs to be blocked),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok!
@jandro996 jandro996 merged commit 46d0949 into master Jun 27, 2025
508 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/api-sec-jersey-response-schema branch June 27, 2025 17:55
@github-actions github-actions bot added this to the 1.51.0 milestone Jun 27, 2025
jandro996 added a commit that referenced this pull request Jul 3, 2025
@jandro996
Extract RestEasy json body response schemas (#9015)
5353d51 
What Does This Do Adds smoke test to probe that response body extraction for RestEasy JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF) was covered with the instrumentation done in #9014 Jira ticket: APPSEC-57916
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Jul 10, 2025
@github-cash-renovate-jvm-2 @svc-squareup-copybara
This PR contains the following updates:
48e635d 
| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.39.0` -> `2.40.0` | | [org.apache.commons:commons-lang3](https://commons.apache.org/proper/commons-lang/) ([source](https://gitbox.apache.org/repos/asf/commons-lang.git)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.17.0` -> `3.18.0` | | [org.jetbrains.kotlinx.binary-compatibility-validator](https://github.com/Kotlin/binary-compatibility-validator) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `0.18.0` -> `0.18.1` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.50.1` -> `1.51.0` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.77` -> `2.31.78` | --- ### Release Notes <details> <summary>google/error-prone (com.google.errorprone:error_prone_annotations)</summary> ### [`v2.40.0`](https://github.com/google/error-prone/releases/tag/v2.40.0): Error Prone 2.40.0 Changes: - Bug fixes and improvements - Releases (including snapshots) have migrated from [OSSRH to the Central Publisher Portal](https://central.sonatype.org/pages/ossrh-eol/#process-to-migrate) Full changelog: google/error-prone@v2.39.0...v2.40.0 </details> <details> <summary>Kotlin/binary-compatibility-validator (org.jetbrains.kotlinx.binary-compatibility-validator)</summary> ### [`v0.18.1`](https://github.com/Kotlin/binary-compatibility-validator/releases/tag/0.18.1) [Compare Source](Kotlin/binary-compatibility-validator@0.18.0...0.18.1) #### What's Changed - Fixed a bug preventing use of cross-compilation support during KLIB dump validation \[[#&#8203;304](https://github.com/Kotlin/binary-compatibility-validator/issues/304)]\[[#&#8203;306](https://github.com/Kotlin/binary-compatibility-validator/issues/306)] </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.51.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.51.0): 1.51.0 ### Components #### Application Security Management (IAST) - 🐛 Fix verify error when ctor params are used after a call site ([#&#8203;9083](DataDog/dd-trace-java#9083) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - 🐛 Limit the maximum size of the location path in IAST vulnerabilities ([#&#8203;9028](DataDog/dd-trace-java#9028) - [@&#8203;jandro996](https://github.com/jandro996)) - 🐛 Fix IAST gRPC handler with null superclass ([#&#8203;8984](DataDog/dd-trace-java#8984) - [@&#8203;smola](https://github.com/smola)) - ✨ Optimize IAST Vulnerability Detection ([#&#8203;8885](DataDog/dd-trace-java#8885) - [@&#8203;jandro996](https://github.com/jandro996)) #### Application Security Management (WAF) - ✨ Upgrade libddwaf-java to 15.0.0 ([#&#8203;9022](DataDog/dd-trace-java#9022) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) - ✨ Extract RestEasy json body response schemas ([#&#8203;9015](DataDog/dd-trace-java#9015) - [@&#8203;jandro996](https://github.com/jandro996)) - ✨ Extract Jersey json body response schemas ([#&#8203;9014](DataDog/dd-trace-java#9014) - [@&#8203;jandro996](https://github.com/jandro996)) - ✨ Extract Ratpack json body response schemas ([#&#8203;9013](DataDog/dd-trace-java#9013) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Enable API Security by default and make it lazy loading ([#&#8203;9009](DataDog/dd-trace-java#9009) - [@&#8203;smola](https://github.com/smola)) - ✨ Extract Vert.x json body response schemas ([#&#8203;9001](DataDog/dd-trace-java#9001) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Extract Play json body response schemas ([#&#8203;8995](DataDog/dd-trace-java#8995) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - 🐛 Fix Jackson nodes introspection for request/response schema extraction ([#&#8203;8980](DataDog/dd-trace-java#8980) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Extract Spring json body response schemas ([#&#8203;8938](DataDog/dd-trace-java#8938) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) - ✨ Default obfuscation regexp update ([#&#8203;8937](DataDog/dd-trace-java#8937) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) #### Build & Tooling - ✨ Cancel GitLab running pipeline on new PR push ([#&#8203;9023](DataDog/dd-trace-java#9023) - [@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)) - ✨ Migrate publishing to Maven Central Portal ([#&#8203;8807](DataDog/dd-trace-java#8807) - [@&#8203;sarahchen6](https://github.com/sarahchen6)) #### Continuous Integration Visibility - 🐛 Fix Test Optimization to work with JDK 24 ([#&#8203;9114](DataDog/dd-trace-java#9114) - [@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add repo root as safe directory on git client creation ([#&#8203;9033](DataDog/dd-trace-java#9033) - [@&#8203;daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Add PR number tag and improve PR information building ([#&#8203;8990](DataDog/dd-trace-java#8990) - [@&#8203;daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Update impacted tests logic ([#&#8203;8923](DataDog/dd-trace-java#8923) - [@&#8203;daniel-mohedano](https://github.com/daniel-mohedano)) #### Data Streams Monitoring - 🧹 Clean up DSM context injection ([#&#8203;8776](DataDog/dd-trace-java#8776) - [@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)) #### Database Monitoring - 🐛 Set trace\_injected in try block ([#&#8203;9025](DataDog/dd-trace-java#9025) - [@&#8203;natashadada](https://github.com/natashadada)) #### Dynamic Instrumentation - 🐛 Add source file tracking enable option ([#&#8203;9115](DataDog/dd-trace-java#9115) - [@&#8203;jpbempel](https://github.com/jpbempel)) - ✨ Add java.util.Date support ([#&#8203;9111](DataDog/dd-trace-java#9111) - [@&#8203;jpbempel](https://github.com/jpbempel)) - ✨ Update file probe format ([#&#8203;9047](DataDog/dd-trace-java#9047) - [@&#8203;jpbempel](https://github.com/jpbempel)) - ✨ add safe local var hoisting ([#&#8203;9034](DataDog/dd-trace-java#9034) - [@&#8203;jpbempel](https://github.com/jpbempel)) - 🧹 Add new config for debugger upload interval ([#&#8203;8959](DataDog/dd-trace-java#8959) - [@&#8203;jpbempel](https://github.com/jpbempel)) - ✨ Enable Code Origin with Dynamic instrumentation ([#&#8203;8940](DataDog/dd-trace-java#8940) - [@&#8203;jpbempel](https://github.com/jpbempel)) #### ML Observability (LLMObs) - 💡 LLM Observability SDK ([#&#8203;8781](DataDog/dd-trace-java#8781) - [@&#8203;gary-huang](https://github.com/gary-huang), [@&#8203;nayeem-kamal](https://github.com/nayeem-kamal)) #### Metrics - 🐛 Ensure client stat reporter is started when the agent is not available at bootstrap ([#&#8203;9082](DataDog/dd-trace-java#9082) - [@&#8203;amarziali](https://github.com/amarziali)) - ✨ Create metric: appsec.waf.config\_errors ([#&#8203;8394](DataDog/dd-trace-java#8394) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) #### Platform components - ✨ Introduce environment component ([#&#8203;9071](DataDog/dd-trace-java#9071) - [@&#8203;PerfectSlayer](https://github.com/PerfectSlayer)) #### Profiling - 🐛 Remove annoying warning for smap event parsing ([#&#8203;9119](DataDog/dd-trace-java#9119) - [@&#8203;jbachorik](https://github.com/jbachorik)) - 🐛 Fix ByteCountingInputStream when reading past EOF ([#&#8203;8988](DataDog/dd-trace-java#8988) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### Realtime User Monitoring - ✨ Add RUM SDK injection for servlet based web servers ([#&#8203;9110](DataDog/dd-trace-java#9110) - [@&#8203;PerfectSlayer](https://github.com/PerfectSlayer) [@&#8203;amarziali](https://github.com/amarziali)) #### Telemetry - ✨ Update the config origin metric to match what it's mapping ([#&#8203;9045](DataDog/dd-trace-java#9045) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) #### Testing - ✨ Add testing for latest stable version (JDK 24) ([#&#8203;8875](DataDog/dd-trace-java#8875) - [@&#8203;sarahchen6](https://github.com/sarahchen6)) #### Trace context propagation - 🐛 Fix bug with dropping baggage when `TracePropagationBehaviorExtract=IGNORE` ([#&#8203;9037](DataDog/dd-trace-java#9037) - [@&#8203;mhlidd](https://github.com/mhlidd)) - 🐛 Fix ArrayIndexOutOfBoundsException in PercentEscaper ([#&#8203;9032](DataDog/dd-trace-java#9032) - [@&#8203;mhlidd](https://github.com/mhlidd)) #### Tracer core - 🐛 Fix `Error` handling for trace interceptors ([#&#8203;9097](DataDog/dd-trace-java#9097) - [@&#8203;AlexeyKuznetsov-DD](https://github.com/AlexeyKuznetsov-DD)) - 💡 Add wildcard feature for `DD_TRACE_HEADER_TAGS` and enabling for Http Response headers ([#&#8203;9067](DataDog/dd-trace-java#9067) - [@&#8203;mhlidd](https://github.com/mhlidd)) #### Tracer public API - 💡 Add LLM Observability SDK ([#&#8203;8781](DataDog/dd-trace-java#8781) - [@&#8203;gary-huang](https://github.com/gary-huang)) ### Instrumentations #### Akka instrumentation - 🐛 Fix NPE in akka-http and pekko-http integrations ([#&#8203;9019](DataDog/dd-trace-java#9019) - [@&#8203;mcculls](https://github.com/mcculls)) #### Eclipse Vert.x instrumentation - ✨ Extract Vert.x json body response schemas ([#&#8203;9001](DataDog/dd-trace-java#9001) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Write http.route tag as soon as possible in vert.x ([#&#8203;8952](DataDog/dd-trace-java#8952) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### JAX-WS instrumentation - 💡⚠️ Enable jax-ws integration by default ([#&#8203;9030](DataDog/dd-trace-java#9030) - [@&#8203;bm1549](https://github.com/bm1549)) - ✨ Extract Jersey json body response schemas ([#&#8203;9014](DataDog/dd-trace-java#9014) - [@&#8203;jandro996](https://github.com/jandro996)) #### Mule instrumentation - 🐛 Propagate grizzly http span in filters if nothing is active ([#&#8203;9016](DataDog/dd-trace-java#9016) - [@&#8203;amarziali](https://github.com/amarziali)) #### Play Framework instrumentation - ✨ Extract Play json body response schemas ([#&#8203;8995](DataDog/dd-trace-java#8995) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### Ratpack instrumentation - ✨ Extract Ratpack json body response schemas ([#&#8203;9013](DataDog/dd-trace-java#9013) - [@&#8203;manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### Spring instrumentation - ✨ Extract Spring json body response schemas ([#&#8203;8938](DataDog/dd-trace-java#8938) - [@&#8203;sezen-datadog](https://github.com/sezen-datadog)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 649b690d4c9d7dcb572c457f0802b42b8e3e682e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp: asm waf Application Security Management (WAF) inst: jax-ws JAX-WS instrumentation type: enhancement Enhancements and improvements

2 participants

@jandro996 @manuel-alvarez-alvarez