[ASM] IAST: Add web form tests #6276
Conversation
Datadog ReportBranch report: ❌ 6 Failed (0 Known Flaky), 454086 Passed, 2749 Skipped, 19h 53m 24.74s Total Time ❌ Failed Tests (6)
|
Execution-Time Benchmarks Report ⏱️Execution-time results for samples comparing the following branches/commits: Execution-time benchmarks measure the whole time it takes to execute a program. And are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are shown in red. The following thresholds were used for comparing the execution times:
Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard. Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph). gantt
title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (72ms) : 64, 80
. : milestone, 72,
master - mean (71ms) : 65, 77
. : milestone, 71,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (1,110ms) : 1092, 1129
. : milestone, 1110,
master - mean (1,106ms) : 1082, 1131
. : milestone, 1106,
gantt
title Execution time (ms) FakeDbCommand (.NET Core 3.1)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (109ms) : 106, 112
. : milestone, 109,
master - mean (108ms) : 106, 110
. : milestone, 108,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (765ms) : 750, 781
. : milestone, 765,
master - mean (773ms) : 759, 788
. : milestone, 773,
gantt
title Execution time (ms) FakeDbCommand (.NET 6)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (92ms) : 90, 94
. : milestone, 92,
master - mean (93ms) : 89, 97
. : milestone, 93,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (723ms) : 705, 741
. : milestone, 723,
master - mean (728ms) : 710, 746
. : milestone, 728,
gantt
title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (192ms) : 181, 202
. : milestone, 192,
master - mean (190ms) : 187, 194
. : milestone, 190,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (1,228ms) : 1201, 1256
. : milestone, 1228,
master - mean (1,227ms) : 1201, 1254
. : milestone, 1227,
gantt
title Execution time (ms) HttpMessageHandler (.NET Core 3.1)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (276ms) : 272, 280
. : milestone, 276,
master - mean (276ms) : 270, 282
. : milestone, 276,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (941ms) : 920, 963
. : milestone, 941,
master - mean (945ms) : 919, 971
. : milestone, 945,
gantt
title Execution time (ms) HttpMessageHandler (.NET 6)
dateFormat X
axisFormat %s
todayMarker off
section Baseline
This PR (6276) - mean (266ms) : 262, 270
. : milestone, 266,
master - mean (265ms) : 260, 271
. : milestone, 265,
section CallTarget+Inlining+NGEN
This PR (6276) - mean (924ms) : 902, 945
. : milestone, 924,
master - mean (929ms) : 914, 945
. : milestone, 929,
|
Throughput/Crank Report ⚡Throughput results for AspNetCoreSimpleController comparing the following branches/commits: Cases where throughput results for the PR are worse than latest master (5% drop or greater), results are shown in red. Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards! gantt
title Throughput Linux x64 (Total requests)
dateFormat X
axisFormat %s
section Baseline
This PR (6276) (11.216M) : 0, 11216142
master (11.174M) : 0, 11173945
benchmarks/2.9.0 (11.033M) : 0, 11032866
section Automatic
This PR (6276) (7.145M) : 0, 7145252
master (7.312M) : 0, 7312280
benchmarks/2.9.0 (7.786M) : 0, 7785853
section Trace stats
master (7.553M) : 0, 7553254
section Manual
master (11.102M) : 0, 11101684
section Manual + Automatic
This PR (6276) (6.621M) : 0, 6621067
master (6.740M) : 0, 6739647
section DD_TRACE_ENABLED=0
master (10.282M) : 0, 10282028
gantt
title Throughput Linux arm64 (Total requests)
dateFormat X
axisFormat %s
section Baseline
This PR (6276) (9.744M) : 0, 9743879
master (9.530M) : 0, 9530431
benchmarks/2.9.0 (9.495M) : 0, 9494821
section Automatic
This PR (6276) (6.426M) : 0, 6426382
master (6.395M) : 0, 6394628
section Trace stats
master (6.680M) : 0, 6679934
section Manual
master (9.631M) : 0, 9630609
section Manual + Automatic
This PR (6276) (6.020M) : 0, 6019965
master (5.995M) : 0, 5995215
section DD_TRACE_ENABLED=0
master (8.922M) : 0, 8921645
gantt
title Throughput Windows x64 (Total requests)
dateFormat X
axisFormat %s
section Baseline
This PR (6276) (9.695M) : 0, 9694569
master (9.758M) : 0, 9758058
benchmarks/2.9.0 (10.020M) : 0, 10019592
section Automatic
This PR (6276) (6.243M) : 0, 6242988
master (6.513M) : 0, 6512759
benchmarks/2.9.0 (7.255M) : 0, 7255257
section Trace stats
master (7.074M) : 0, 7073637
section Manual
master (9.827M) : 0, 9827350
section Manual + Automatic
This PR (6276) (6.055M) : 0, 6054814
master (5.944M) : 0, 5943752
section DD_TRACE_ENABLED=0
master (9.348M) : 0, 9348488
|
NachoEchevarria
changed the title
|
Thanks for your reviews! |
Summary of changes
An issue in an IAST customer was detected involving query parameter name and web forms in a vulnerability.
In order to reproduce the issue, some tests were created for web forms using vulnerabilities with a query parameter name in the evidence. Even though the test passed and no code change was required, the new tests will be added to our integration tests since, currently, we have no tests covering these cases.
Reason for change
Implementation details
Test coverage
Other details