Add IAST taint tracking for DB values #8072
internal-api/src/main/java/datadog/trace/api/iast/TaintableDb.java
Benchmarks

Startup

Summary: Found 0 performance improvements and 5 performance regressions! Performance is the same for 53 metrics, 5 unstable metrics.

Startup time reports for petclinic (charts: global startup overhead and break down per module; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; sections: tracing, appsec, iast, profiling)

Startup time reports for insecure-bank (charts: global startup overhead and break down per module; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF)
Load

Summary: Found 1 performance improvements and 2 performance regressions! Performance is the same for 8 metrics, 17 unstable metrics.

Request duration reports for insecure-bank (chart: request duration [CI 0.99]; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; variants: no_agent, iast, iast_FULL, iast_GLOBAL, iast_HARDCODED_SECRET_DISABLED, iast_INACTIVE, iast_TELEMETRY_OFF, tracing)

Request duration reports for petclinic (chart: request duration [CI 0.99]; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; variants: no_agent, appsec, appsec_no_iast, iast, profiling, tracing)
Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava (chart: execution time [CI 0.99]; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; variants: no_agent, appsec, iast, iast_GLOBAL, profiling, tracing)

Execution time for tomcat (chart: execution time [CI 0.99]; candidate=1.45.0-SNAPSHOT~75b3a8b07f, baseline=1.45.0-SNAPSHOT~46b5986f6a; variants: no_agent, appsec, iast, iast_GLOBAL, profiling, tracing)
implements Instrumenter.ForTypeHierarchy {

public IastResultSetInstrumentation() {
super("jdbc", "resultset");
Suggested change:
super("jdbc", "resultset");
super("jdbc", "jdbc-resultset", "iast-resultset");
Just so that we have an IAST specific switch to disable at some point.
Changed!
What Does This Do

This PR introduces a solution to taint database values. The goal is to detect potential security vulnerabilities, specifically SQL Injection and XSS as a first step. Key changes include:

- Source type `sql.row.value`
- `ResultSet` methods that return a `String` are tainted
- The number of `ResultSet` rows to taint will be given by this environment variable: `DD_IAST_DB_ROWS_TO_TAINT` (default `1`)

Motivation

This will increase the number of detections for the first two types of vulnerabilities (SQL Injection and XSS). Apart from that, this will improve our propagation taint tracking.
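As an added illustration of the row-limit behaviour described above (example written for this page, not dd-trace-java's instrumentation), the wrapper below taints `String` values returned from the first `DD_IAST_DB_ROWS_TO_TAINT` rows of a `ResultSet` with the `sql.row.value` source type and leaves later rows untouched. The identity-keyed taint store, the `java.lang.reflect.Proxy` wrapper and the constructed in-memory `ResultSet` standing in for a JDBC driver are assumptions of this example; only the source type and the environment variable name come from the PR.

```java
import java.lang.reflect.Proxy;
import java.sql.ResultSet;
import java.util.IdentityHashMap;
import java.util.Map;
// Illustration only, not dd-trace-java code: taint String values read from the first N
// rows of a ResultSet, with N taken from DD_IAST_DB_ROWS_TO_TAINT (default 1).
public final class DbTaintExample {
  static final String SOURCE_TYPE = "sql.row.value";
  // Toy taint store keyed by String identity (hypothetical; real IAST tracks ranges).
  static final Map<String, String> TAINTED = new IdentityHashMap<>();
  static int rowsToTaint() {
    String v = System.getenv("DD_IAST_DB_ROWS_TO_TAINT");
    try { return v == null ? 1 : Math.max(0, Integer.parseInt(v.trim())); }
    catch (NumberFormatException e) { return 1; } // malformed setting: fall back to default
  }
  // Wraps a ResultSet so String results from rows 1..limit are tainted; later rows are not.
  static ResultSet taintingWrapper(ResultSet delegate, int limit) {
    int[] row = {0}; // rows consumed so far through next()
    return (ResultSet) Proxy.newProxyInstance(
        ResultSet.class.getClassLoader(), new Class<?>[] {ResultSet.class},
        (proxy, method, args) -> {
          Object result = method.invoke(delegate, args);
          if ("next".equals(method.getName()) && Boolean.TRUE.equals(result)) {
            row[0]++;
          } else if (result instanceof String && row[0] > 0 && row[0] <= limit) {
            TAINTED.put((String) result, SOURCE_TYPE);
          }
          return result;
        });
  }
  // Constructed stand-in for a driver ResultSet (no database): rows of column values.
  static ResultSet fakeResultSet(String[][] rows) {
    int[] cursor = {-1};
    return (ResultSet) Proxy.newProxyInstance(
        ResultSet.class.getClassLoader(), new Class<?>[] {ResultSet.class},
        (proxy, method, args) -> {
          if ("next".equals(method.getName())) return ++cursor[0] < rows.length;
          if ("getString".equals(method.getName())) return rows[cursor[0]][(Integer) args[0] - 1];
          throw new UnsupportedOperationException(method.getName());
        });
  }
  public static void main(String[] a) throws Exception {
    ResultSet rs = taintingWrapper(fakeResultSet(new String[][] {{"alice"}, {"bob"}}), rowsToTaint());
    while (rs.next()) { // default limit 1: "alice" is tainted, "bob" is not
      String v = rs.getString(1);
      System.out.println(v + " tainted=" + TAINTED.containsKey(v));
    }
  }
}
```

Running it with `DD_IAST_DB_ROWS_TO_TAINT=2` set in the environment taints both rows, which is the knob the PR exposes for trading detection coverage against overhead.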
Additional Notes
See the RFC where this change is documented: RFC
Contributor Checklist

- Add the `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- Avoid using `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-55328