@jandro996 jandro996 commented Nov 6, 2025

What Does This Do

This PR fixes an IllegalFormatConversionException that occurs in StringModuleImpl#onStringFormat when processing Scala string interpolation with format specifiers that receive incompatible types at runtime.

The fix introduces a new formatValue() helper method that wraps String.format() calls with exception handling. When a format conversion fails (e.g., %f receives a String instead of a Double), the method falls back to String.valueOf() to safely convert the parameter to a string representation, ensuring that:

  • The application doesn't crash
  • IAST taint tracking is preserved
  • Debug telemetry is logged for troubleshooting

Motivation

Error tracking report

stack trace

java.util.IllegalFormatConversionException
  at java.base/java.util.Formatter$FormatSpecifier.failConversion(Unknown Source)
  at java.base/java.util.Formatter$FormatSpecifier.printFloat(Unknown Source)
  at java.base/java.util.Formatter$FormatSpecifier.print(Unknown Source)
  at java.base/java.util.Formatter.format(Unknown Source)
  at java.base/java.util.Formatter.format(Unknown Source)
  at java.base/java.lang.String.format(Unknown Source)
  at com.datadog.iast.propagation.StringModuleImpl.onStringFormat(StringModuleImpl.java:537)
  at com.datadog.iast.propagation.StringModuleImpl.onStringFormat(StringModuleImpl.java:487)
  at datadog.trace.instrumentation.scala.StringOpsCallSite.afterInterpolation(StringOpsCallSite.java:50)
  at (redacted: 22 frames)
  at java.base/java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
  at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(Unknown Source)
  at java.base/java.util.concurrent.ForkJoinPool.scan(Unknown Source)
  at java.base/java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
  at java.base/java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)

Additional Notes

Scala's f string interpolator is designed to be type-safe at compile time. When you write:

val balance: Double = 123.45
f"Balance: $balance%f"  // Compiles successfully

The Scala compiler verifies that the type matches the format specifier. However, there are several scenarios where incompatible types can reach String.format() at runtime:

Type Erasure with Any Type
When parameters are typed as Any, Scala's compile-time type checking is bypassed:

def formatValue(x: Any): String = f"Value: $x%f"
formatValue("not-a-number")  // Compiles, but crashes at runtime

Java-Scala Interoperability
Java code calling Scala methods can pass arbitrary types without Scala's type safety:

// Java code
ScalaFormatter.format("%f", "invalid");  // No compile-time check

Reflection and Dynamic Code
Code using reflection, macros, or dynamic invocation can construct format strings and parameters that bypass compile-time validation:

val format = "%f"
val param: Any = loadFromDatabase()  // Runtime type unknown
StringOps(format).format(Seq(param))  // Type unknown until runtime

References

Contributor Checklist

Jira ticket: APPSEC-59883

@jandro996 jandro996 added type: bug Bug report and fix comp: asm iast Application Security Management (IAST) labels Nov 6, 2025
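
The fallback described in the PR description above, as an added Java example that is not the PR's code or the project's implementation: each specifier is formatted on its own, a conversion failure falls back to String.valueOf(), and the output offsets of tainted parameters are still recorded. Only the name formatValue comes from the description; its signature, the class name, the simplified specifier regex (no argument indexes), the tainted flags and the stderr line standing in for debug telemetry are assumptions.

```java
import java.util.ArrayList;
import java.util.IllegalFormatConversionException;
import java.util.IllegalFormatException;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SafeFormatDemo {
  // Assumed, simplified grammar: %[flags][width][.precision][t|T]conversion.
  // Argument indexes such as %1$s are not handled in this sketch.
  private static final Pattern SPEC =
      Pattern.compile("%[-#+ 0,(]*\\d*(?:\\.\\d+)?[tT]?[a-zA-Z%]");

  // Formats one value; a specifier/type mismatch falls back to String.valueOf().
  static String formatValue(Locale locale, String spec, Object param) {
    try {
      return String.format(locale, spec, param);
    } catch (IllegalFormatException e) {
      // Stand-in for the debug telemetry mentioned in the PR description.
      System.err.println("format fallback for " + spec + ": " + e);
      return String.valueOf(param);
    }
  }

  // Formats fmt one specifier at a time and records {start, end, paramIndex} for each
  // tainted parameter, so the taint range survives even when the fallback is used.
  static String format(Locale locale, String fmt, Object[] params, boolean[] tainted,
      List<int[]> ranges) {
    StringBuilder sb = new StringBuilder();
    Matcher m = SPEC.matcher(fmt);
    int last = 0, i = 0;
    while (m.find()) {
      String spec = m.group();
      char conv = spec.charAt(spec.length() - 1);
      boolean literal = conv == '%' || conv == 'n'; // %% and %n consume no parameter
      if (!literal && i >= params.length) break; // extra specifiers stay verbatim
      sb.append(fmt, last, m.start());
      // A literal specifier that fails to format is kept as its own text.
      String piece = formatValue(locale, spec, literal ? spec : params[i]);
      if (!literal && tainted[i]) {
        ranges.add(new int[] {sb.length(), sb.length() + piece.length(), i});
      }
      if (!literal) i++;
      sb.append(piece);
      last = m.end();
    }
    sb.append(fmt, last, fmt.length());
    return sb.toString();
  }

  public static void main(String[] args) {
    try {
      String.format("%f", "not-a-number"); // the unguarded call from the stack trace
    } catch (IllegalFormatConversionException e) {
      System.out.println("unguarded String.format: " + e);
    }
    // Constructed input: the second parameter is tainted and has the wrong type for %f.
    Object[] params = {"alice", "not-a-number", 123.45};
    boolean[] tainted = {false, true, false};
    List<int[]> ranges = new ArrayList<>();
    String out = format(Locale.ROOT, "user=%s balance=%f limit=%.2f%n", params, tainted, ranges);
    System.out.print(out);
    for (int[] r : ranges) {
      System.out.println("tainted [" + r[0] + ", " + r[1] + ") -> " + out.substring(r[0], r[1]));
    }
  }
}
```

The recorded range covers the fallback text of the mismatched parameter, which is the property a taint tracker needs when the formatted string later reaches a sink.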

datadog-datadog-prod-us1 bot commented Nov 6, 2025

🎯 Code Coverage
Patch Coverage: 100.00%
Total Coverage: 59.67% (+0.06%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 21404c9


pr-commenter bot commented Nov 6, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/IllegalFormatConversionException-StringModuleImpl#onStringFormat
git_commit_date 1762435787 1762439273
git_commit_sha 19d774d 21404c9
release_version 1.56.0-SNAPSHOT~19d774d48c 1.56.0-SNAPSHOT~21404c95c7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1762444661 1762444661
ci_job_id 1219750653 1219750653
ci_pipeline_id 81458614 81458614
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-8fwwqqpr 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-8fwwqqpr 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 11 unstable metrics.

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections tracing, appsec, iast, profiling; Agent and Total durations as listed in the results that follow]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.054 s -
Agent appsec 1.217 s 163.131 ms (15.5%)
Agent iast 1.181 s 126.509 ms (12.0%)
Agent profiling 1.194 s 139.658 ms (13.2%)
Total tracing 10.805 s -
Total appsec 10.891 s 86.252 ms (0.8%)
Total iast 11.107 s 302.78 ms (2.8%)
Total profiling 10.926 s 121.157 ms (1.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.051 s -
Agent appsec 1.225 s 173.565 ms (16.5%)
Agent iast 1.179 s 127.393 ms (12.1%)
Agent profiling 1.203 s 151.287 ms (14.4%)
Total tracing 10.764 s -
Total appsec 10.868 s 104.016 ms (1.0%)
Total iast 11.088 s 323.683 ms (3.0%)
Total profiling 10.884 s 120.629 ms (1.1%)
petclinic - break down per module: candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c
  • tracing
Module Baseline Candidate
crashtracking 1.474 ms 1.46 ms
BytebuddyAgent 709.301 ms 708.552 ms
GlobalTracer 247.688 ms 246.37 ms
AppSec 32.741 ms 32.355 ms
Debugger 6.419 ms 6.374 ms
Remote Config 719.828 µs 708.347 µs
Telemetry 14.33 ms 14.887 ms
Flare Poller 6.557 ms 5.81 ms
  • appsec
Module Baseline Candidate
crashtracking 1.458 ms 1.461 ms
BytebuddyAgent 726.383 ms 732.16 ms
GlobalTracer 236.638 ms 237.795 ms
IAST 24.763 ms 24.873 ms
AppSec 174.165 ms 174.479 ms
Debugger 5.956 ms 5.979 ms
Remote Config 648.58 µs 650.342 µs
Telemetry 8.508 ms 8.559 ms
Flare Poller 3.926 ms 3.918 ms
  • iast
Module Baseline Candidate
crashtracking 1.459 ms 1.455 ms
BytebuddyAgent 828.828 ms 827.638 ms
GlobalTracer 234.835 ms 234.653 ms
IAST 33.72 ms 30.87 ms
AppSec 27.807 ms 30.096 ms
Debugger 5.982 ms 6.031 ms
Remote Config 611.073 µs 603.804 µs
Telemetry 8.377 ms 8.5 ms
Flare Poller 4.141 ms 4.148 ms
  • profiling
Module Baseline Candidate
crashtracking 1.423 ms 1.478 ms
BytebuddyAgent 730.205 ms 737.799 ms
GlobalTracer 221.487 ms 222.659 ms
AppSec 32.229 ms 32.479 ms
Debugger 9.038 ms 9.196 ms
Remote Config 672.746 µs 686.398 µs
Telemetry 13.618 ms 13.726 ms
Flare Poller 4.122 ms 4.152 ms
ProfilingAgent 111.049 ms 110.449 ms
Profiling 111.728 ms 111.12 ms
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections tracing, iast; Agent and Total durations as listed in the results that follow]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.047 s -
Agent iast 1.178 s 131.186 ms (12.5%)
Total tracing 8.646 s -
Total iast 9.285 s 639.781 ms (7.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.05 s -
Agent iast 1.186 s 135.886 ms (12.9%)
Total tracing 8.631 s -
Total iast 9.259 s 627.731 ms (7.3%)
insecure-bank - break down per module: candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c
  • tracing
Module Baseline Candidate
crashtracking 1.45 ms 1.481 ms
BytebuddyAgent 705.4 ms 706.791 ms
GlobalTracer 245.551 ms 246.462 ms
AppSec 32.251 ms 32.384 ms
Debugger 6.361 ms 6.369 ms
Remote Config 717.056 µs 706.143 µs
Telemetry 15.139 ms 13.628 ms
Flare Poller 5.707 ms 7.274 ms
  • iast
Module Baseline Candidate
crashtracking 1.479 ms 1.463 ms
BytebuddyAgent 827.965 ms 833.747 ms
GlobalTracer 234.26 ms 235.563 ms
IAST 34.129 ms 33.285 ms
AppSec 26.848 ms 27.798 ms
Debugger 5.969 ms 6.01 ms
Remote Config 595.868 µs 592.777 µs
Telemetry 8.319 ms 8.368 ms
Flare Poller 4.121 ms 4.037 ms

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/IllegalFormatConversionException-StringModuleImpl#onStringFormat
git_commit_date 1762435787 1762439273
git_commit_sha 19d774d 21404c9
release_version 1.56.0-SNAPSHOT~19d774d48c 1.56.0-SNAPSHOT~21404c95c7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1762445250 1762445250
ci_job_id 1219750654 1219750654
ci_pipeline_id 81458614 81458614
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-6zhc3frf 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-6zhc3frf 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 2 performance regressions! Performance is the same for 6 metrics, 12 unstable metrics.

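  • scenario:load:insecure-bank:iast_GLOBAL:high_load
Δ mean http_req_duration: worse, [+115.199µs; +230.918µs] or [+3.360%; +6.735%]
Δ mean throughput: unstable, [-208.960op/s; +89.710op/s] or [-15.638%; +6.714%]
candidate mean http_req_duration: 3.602ms; candidate mean throughput: 1276.594op/s
baseline mean http_req_duration: 3.429ms; baseline mean throughput: 1336.219op/s
  • scenario:load:insecure-bank:profiling:high_load
Δ mean http_req_duration: better, [-221.946µs; -183.849µs] or [-10.481%; -8.682%]
Δ mean throughput: unstable, [-66.009op/s; +502.322op/s] or [-3.091%; +23.524%]
candidate mean http_req_duration: 1.915ms; candidate mean throughput: 2353.500op/s
baseline mean http_req_duration: 2.118ms; baseline mean throughput: 2135.344op/s
  • scenario:load:insecure-bank:iast_FULL:high_load
Δ mean http_req_duration: better, [-676.382µs; -538.640µs] or [-10.599%; -8.441%]
Δ mean throughput: unstable, [-10.793op/s; +160.793op/s] or [-1.488%; +22.168%]
candidate mean http_req_duration: 5.774ms; candidate mean throughput: 800.344op/s
baseline mean http_req_duration: 6.381ms; baseline mean throughput: 725.344op/s
  • scenario:load:petclinic:tracing:high_load
Δ mean http_req_duration: better, [-1.312ms; -0.920ms] or [-7.036%; -4.935%]
Δ mean throughput: unstable, [-12.694op/s; +44.444op/s] or [-5.073%; +17.762%]
candidate mean http_req_duration: 17.535ms; candidate mean throughput: 266.094op/s
baseline mean http_req_duration: 18.652ms; baseline mean throughput: 250.219op/s
  • scenario:load:petclinic:appsec:high_load
Δ mean http_req_duration: worse, [+0.821ms; +1.242ms] or [+4.430%; +6.700%]
Δ mean throughput: unstable, [-40.609op/s; +14.109op/s] or [-16.137%; +5.606%]
candidate mean http_req_duration: 19.575ms; candidate mean throughput: 238.406op/s
baseline mean http_req_duration: 18.543ms; baseline mean throughput: 251.656op/s
  • scenario:load:petclinic:profiling:high_load
Δ mean http_req_duration: better, [-1147.438µs; -736.619µs] or [-5.905%; -3.791%]
Δ mean throughput: unstable, [-15.013op/s; +39.263op/s] or [-6.251%; +16.347%]
candidate mean http_req_duration: 18.491ms; candidate mean throughput: 252.312op/s
baseline mean http_req_duration: 19.433ms; baseline mean throughput: 240.188op/s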
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections baseline, candidate; per-variant means and intervals as listed in the results that follow]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.393 ms [18.197 ms, 18.589 ms] -
appsec 18.543 ms [18.356 ms, 18.731 ms] 150.364 µs (0.8%)
code_origins 17.663 ms [17.487 ms, 17.84 ms] -729.574 µs (-4.0%)
iast 17.596 ms [17.419 ms, 17.774 ms] -796.736 µs (-4.3%)
profiling 19.433 ms [19.236 ms, 19.63 ms] 1.04 ms (5.7%)
tracing 18.652 ms [18.465 ms, 18.839 ms] 258.936 µs (1.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.246 ms [18.057 ms, 18.436 ms] -
appsec 19.575 ms [19.372 ms, 19.779 ms] 1.329 ms (7.3%)
code_origins 17.655 ms [17.482 ms, 17.829 ms] -591.395 µs (-3.2%)
iast 17.645 ms [17.469 ms, 17.821 ms] -601.707 µs (-3.3%)
profiling 18.491 ms [18.306 ms, 18.676 ms] 244.706 µs (1.3%)
tracing 17.535 ms [17.359 ms, 17.712 ms] -710.956 µs (-3.9%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections baseline, candidate; per-variant means and intervals as listed in the results that follow]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.213 ms [1.201 ms, 1.225 ms] -
iast 3.217 ms [3.172 ms, 3.262 ms] 2.004 ms (165.1%)
iast_FULL 6.381 ms [6.312 ms, 6.451 ms] 5.168 ms (425.9%)
iast_GLOBAL 3.429 ms [3.378 ms, 3.479 ms] 2.215 ms (182.6%)
profiling 2.118 ms [2.099 ms, 2.136 ms] 904.281 µs (74.5%)
tracing 1.788 ms [1.774 ms, 1.803 ms] 575.162 µs (47.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.199 ms [1.187 ms, 1.211 ms] -
iast 3.254 ms [3.214 ms, 3.295 ms] 2.055 ms (171.4%)
iast_FULL 5.774 ms [5.716 ms, 5.832 ms] 4.575 ms (381.5%)
iast_GLOBAL 3.602 ms [3.545 ms, 3.659 ms] 2.402 ms (200.3%)
profiling 1.915 ms [1.898 ms, 1.931 ms] 715.572 µs (59.7%)
tracing 1.785 ms [1.77 ms, 1.8 ms] 585.766 µs (48.8%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/IllegalFormatConversionException-StringModuleImpl#onStringFormat
git_commit_date 1762435787 1762439273
git_commit_sha 19d774d 21404c9
release_version 1.56.0-SNAPSHOT~19d774d48c 1.56.0-SNAPSHOT~21404c95c7
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1762444678 1762444678
ci_job_id 1219750655 1219750655
ci_pipeline_id 81458614 81458614
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-44txprqt 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-44txprqt 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections baseline, candidate; per-variant means and intervals as listed in the results that follow]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.465 ms, 1.488 ms] -
appsec 3.696 ms [3.479 ms, 3.913 ms] 2.219 ms (150.3%)
iast 2.202 ms [2.138 ms, 2.265 ms] 724.829 µs (49.1%)
iast_GLOBAL 2.243 ms [2.179 ms, 2.306 ms] 766.132 µs (51.9%)
profiling 2.042 ms [1.991 ms, 2.093 ms] 565.15 µs (38.3%)
tracing 2.023 ms [1.973 ms, 2.072 ms] 546.023 µs (37.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.459 ms, 1.482 ms] -
appsec 3.722 ms [3.503 ms, 3.941 ms] 2.251 ms (153.0%)
iast 2.206 ms [2.143 ms, 2.269 ms] 735.378 µs (50.0%)
iast_GLOBAL 2.249 ms [2.185 ms, 2.312 ms] 778.0 µs (52.9%)
profiling 2.07 ms [2.018 ms, 2.123 ms] 599.334 µs (40.7%)
tracing 2.02 ms [1.971 ms, 2.069 ms] 549.451 µs (37.4%)
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.56.0-SNAPSHOT~21404c95c7, baseline=1.56.0-SNAPSHOT~19d774d48c; sections baseline, candidate; per-variant means and intervals as listed in the results that follow]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.835 s [14.835 s, 14.835 s] -
appsec 14.877 s [14.877 s, 14.877 s] 42.0 ms (0.3%)
iast 18.792 s [18.792 s, 18.792 s] 3.957 s (26.7%)
iast_GLOBAL 17.99 s [17.99 s, 17.99 s] 3.155 s (21.3%)
profiling 15.531 s [15.531 s, 15.531 s] 696.0 ms (4.7%)
tracing 14.843 s [14.843 s, 14.843 s] 8.0 ms (0.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.031 s [15.031 s, 15.031 s] -
appsec 14.872 s [14.872 s, 14.872 s] -159.0 ms (-1.1%)
iast 18.278 s [18.278 s, 18.278 s] 3.247 s (21.6%)
iast_GLOBAL 18.174 s [18.174 s, 18.174 s] 3.143 s (20.9%)
profiling 14.987 s [14.987 s, 14.987 s] -44.0 ms (-0.3%)
tracing 14.89 s [14.89 s, 14.89 s] -141.0 ms (-0.9%)
