Add server.request.body.filenames AppSec address for Jersey and RESTEasy #11171

Open
jandro996 wants to merge 2 commits into master from alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy

jandro996 (Member) commented Apr 21, 2026

What Does This Do

Adds server.request.body.filenames AppSec gateway event support for Jersey 2.x, Jersey 3.x, and RESTEasy.

Jersey 2.x and 3.x

  • New MultiPartHelper class (one per namespace module) with:
    • collectBodyPart(FormDataBodyPart, Map, List<String>) — populates the body map and/or filenames list for a single body part, replacing the inline logic in the advice
    • filenameFromBodyPart(FormDataBodyPart) — extracts the filename from FormDataContentDisposition
  • MultiPartReaderServerSideInstrumentation now subscribes to EVENTS.requestFilesFilenames(), collects filenames via the helper, and fires the blocking flow if needed
  • helperClassNames() declared to inject MultiPartHelper into the app classloader

RESTEasy

  • New MultipartHelper class with:
    • collectFilenames(MultipartFormDataInput) — iterates parts, reads Content-Disposition headers via reflection, and delegates to filenameFromContentDisposition
    • filenameFromContentDisposition(String) — quote-aware parser that handles semicolons inside quoted filenames (e.g. filename="a;b.php")
  • MultipartFormDataReaderInstrumentation now subscribes to EVENTS.requestFilesFilenames(), calls MultipartHelper.collectFilenames(), and fires the blocking flow if needed
  • helperClassNames() declared to inject MultipartHelper

Tests

  • Unit tests for each helper class: MultiPartHelperTest (Jersey 2 and 3) and MultipartHelperTest (RESTEasy)
  • testBodyFilenames() { true } opted in for GrizzlyTest, Jersey2JettyTest, and Jersey3JettyTest

Motivation

Implements the server.request.body.filenames AppSec address for Jersey and RESTEasy as part of APPSEC-61873.

Additional Notes

Reflection in MultipartHelper (RESTEasy)

InputPart.getHeaders() returns javax.ws.rs.core.MultivaluedMap in RESTEasy 3.x and jakarta.ws.rs.core.MultivaluedMap in RESTEasy 6.x. A direct bytecode reference to either type fails muzzle for the other version.

To avoid this, MultipartHelper resolves the method once at class-load time via reflection and caches it in a static final field:

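```java
// Resolved reflectively so the helper's bytecode never references either MultivaluedMap type.
private static final Method GET_HEADERS; // java.lang.reflect.Method

static {
  Method m = null;
  try {
    m = InputPart.class.getMethod("getHeaders");
  } catch (NoSuchMethodException ignored) {
    // GET_HEADERS stays null when the method cannot be resolved
  }
  GET_HEADERS = m;
}
```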

The static initializer runs once in the app classloader (where the library is already present), so the reflection cost is zero per request and there is no bytecode reference to the problematic return type — muzzle passes across all RESTEasy versions.

This approach was preferred over the alternatives — duplicating the module by version, bounding the muzzle range, or restructuring the call site — which have historically caused cascading changes across multiple modules.

Contributor Checklist

Jira ticket: APPSEC-61873

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Apr 21, 2026
@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch from 5ca9b2f to 86c4da5 Compare April 21, 2026 13:10
@jandro996
Member Author

@codex review

@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch from 1123a3b to 510fca6 Compare April 21, 2026 13:36
@pr-commenter

pr-commenter Bot commented Apr 21, 2026

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy
git_commit_date 1776899365 1776940323
git_commit_sha 8569434 a46b9fa
release_version 1.62.0-SNAPSHOT~8569434beb 1.62.0-SNAPSHOT~a46b9fa02f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776942107 1776942107
ci_job_id 1623352998 1623352998
ci_pipeline_id 109257206 109257206
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-on738kgy 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-on738kgy 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 9 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:startup:insecure-bank:iast:Remote Config | better [-31.440µs; -13.153µs] or [-5.798%; -2.426%] | 519.946µs | 542.242µs |

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.239 s 175.674 ms (16.5%)
Total tracing 8.851 s -
Total iast 9.535 s 684.343 ms (7.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.058 s -
Agent iast 1.229 s 170.818 ms (16.1%)
Total tracing 8.82 s -
Total iast 9.557 s 736.924 ms (8.4%)
gantt
    title insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.251 ms) : 0, 1251
crashtracking [candidate] (1.217 ms) : 0, 1217
BytebuddyAgent [baseline] (638.876 ms) : 0, 638876
BytebuddyAgent [candidate] (633.475 ms) : 0, 633475
AgentMeter [baseline] (29.856 ms) : 0, 29856
AgentMeter [candidate] (29.487 ms) : 0, 29487
GlobalTracer [baseline] (250.508 ms) : 0, 250508
GlobalTracer [candidate] (249.949 ms) : 0, 249949
AppSec [baseline] (32.443 ms) : 0, 32443
AppSec [candidate] (32.625 ms) : 0, 32625
Debugger [baseline] (59.065 ms) : 0, 59065
Debugger [candidate] (59.433 ms) : 0, 59433
Remote Config [baseline] (591.333 µs) : 0, 591
Remote Config [candidate] (624.295 µs) : 0, 624
Telemetry [baseline] (8.015 ms) : 0, 8015
Telemetry [candidate] (8.108 ms) : 0, 8108
Flare Poller [baseline] (6.648 ms) : 0, 6648
Flare Poller [candidate] (7.382 ms) : 0, 7382
section iast
crashtracking [baseline] (1.245 ms) : 0, 1245
crashtracking [candidate] (1.238 ms) : 0, 1238
BytebuddyAgent [baseline] (812.778 ms) : 0, 812778
BytebuddyAgent [candidate] (808.322 ms) : 0, 808322
AgentMeter [baseline] (11.529 ms) : 0, 11529
AgentMeter [candidate] (11.412 ms) : 0, 11412
GlobalTracer [baseline] (240.981 ms) : 0, 240981
GlobalTracer [candidate] (238.717 ms) : 0, 238717
AppSec [baseline] (31.985 ms) : 0, 31985
AppSec [candidate] (26.546 ms) : 0, 26546
Debugger [baseline] (64.668 ms) : 0, 64668
Debugger [candidate] (63.012 ms) : 0, 63012
Remote Config [baseline] (542.242 µs) : 0, 542
Remote Config [candidate] (519.946 µs) : 0, 520
Telemetry [baseline] (7.849 ms) : 0, 7849
Telemetry [candidate] (7.683 ms) : 0, 7683
Flare Poller [baseline] (3.433 ms) : 0, 3433
Flare Poller [candidate] (3.381 ms) : 0, 3381
IAST [baseline] (27.938 ms) : 0, 27938
IAST [candidate] (31.583 ms) : 0, 31583
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.06 s -
Agent appsec 1.263 s 203.143 ms (19.2%)
Agent iast 1.24 s 180.091 ms (17.0%)
Agent profiling 1.186 s 126.703 ms (12.0%)
Total tracing 11.009 s -
Total appsec 10.934 s -75.475 ms (-0.7%)
Total iast 11.294 s 284.622 ms (2.6%)
Total profiling 11.073 s 63.393 ms (0.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.065 s -
Agent appsec 1.262 s 196.39 ms (18.4%)
Agent iast 1.23 s 164.965 ms (15.5%)
Agent profiling 1.187 s 122.354 ms (11.5%)
Total tracing 11.136 s -
Total appsec 10.971 s -164.744 ms (-1.5%)
Total iast 11.271 s 134.795 ms (1.2%)
Total profiling 11.173 s 37.399 ms (0.3%)
gantt
    title petclinic - break down per module: candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.231 ms) : 0, 1231
crashtracking [candidate] (1.226 ms) : 0, 1226
BytebuddyAgent [baseline] (634.236 ms) : 0, 634236
BytebuddyAgent [candidate] (637.107 ms) : 0, 637107
AgentMeter [baseline] (29.616 ms) : 0, 29616
AgentMeter [candidate] (29.792 ms) : 0, 29792
GlobalTracer [baseline] (249.249 ms) : 0, 249249
GlobalTracer [candidate] (250.61 ms) : 0, 250610
AppSec [baseline] (32.431 ms) : 0, 32431
AppSec [candidate] (32.647 ms) : 0, 32647
Debugger [baseline] (59.829 ms) : 0, 59829
Debugger [candidate] (60.318 ms) : 0, 60318
Remote Config [baseline] (591.801 µs) : 0, 592
Remote Config [candidate] (601.19 µs) : 0, 601
Telemetry [baseline] (8.073 ms) : 0, 8073
Telemetry [candidate] (8.086 ms) : 0, 8086
Flare Poller [baseline] (8.195 ms) : 0, 8195
Flare Poller [candidate] (8.398 ms) : 0, 8398
section appsec
crashtracking [baseline] (1.231 ms) : 0, 1231
crashtracking [candidate] (1.216 ms) : 0, 1216
BytebuddyAgent [baseline] (675.658 ms) : 0, 675658
BytebuddyAgent [candidate] (674.292 ms) : 0, 674292
AgentMeter [baseline] (12.192 ms) : 0, 12192
AgentMeter [candidate] (12.126 ms) : 0, 12126
GlobalTracer [baseline] (249.099 ms) : 0, 249099
GlobalTracer [candidate] (248.757 ms) : 0, 248757
AppSec [baseline] (187.097 ms) : 0, 187097
AppSec [candidate] (185.704 ms) : 0, 185704
Debugger [baseline] (64.793 ms) : 0, 64793
Debugger [candidate] (66.624 ms) : 0, 66624
Remote Config [baseline] (570.407 µs) : 0, 570
Remote Config [candidate] (579.438 µs) : 0, 579
Telemetry [baseline] (7.931 ms) : 0, 7931
Telemetry [candidate] (7.961 ms) : 0, 7961
Flare Poller [baseline] (3.458 ms) : 0, 3458
Flare Poller [candidate] (3.494 ms) : 0, 3494
IAST [baseline] (24.297 ms) : 0, 24297
IAST [candidate] (24.402 ms) : 0, 24402
section iast
crashtracking [baseline] (1.234 ms) : 0, 1234
crashtracking [candidate] (1.207 ms) : 0, 1207
BytebuddyAgent [baseline] (815.043 ms) : 0, 815043
BytebuddyAgent [candidate] (808.238 ms) : 0, 808238
AgentMeter [baseline] (11.442 ms) : 0, 11442
AgentMeter [candidate] (11.431 ms) : 0, 11431
GlobalTracer [baseline] (239.988 ms) : 0, 239988
GlobalTracer [candidate] (238.373 ms) : 0, 238373
AppSec [baseline] (28.629 ms) : 0, 28629
AppSec [candidate] (27.434 ms) : 0, 27434
Debugger [baseline] (64.314 ms) : 0, 64314
Debugger [candidate] (65.715 ms) : 0, 65715
Remote Config [baseline] (529.546 µs) : 0, 530
Remote Config [candidate] (525.195 µs) : 0, 525
Telemetry [baseline] (7.842 ms) : 0, 7842
Telemetry [candidate] (7.772 ms) : 0, 7772
Flare Poller [baseline] (3.456 ms) : 0, 3456
Flare Poller [candidate] (3.411 ms) : 0, 3411
IAST [baseline] (30.878 ms) : 0, 30878
IAST [candidate] (29.997 ms) : 0, 29997
section profiling
ProfilingAgent [baseline] (93.943 ms) : 0, 93943
ProfilingAgent [candidate] (94.572 ms) : 0, 94572
crashtracking [baseline] (1.189 ms) : 0, 1189
crashtracking [candidate] (1.175 ms) : 0, 1175
BytebuddyAgent [baseline] (692.802 ms) : 0, 692802
BytebuddyAgent [candidate] (693.129 ms) : 0, 693129
AgentMeter [baseline] (8.949 ms) : 0, 8949
AgentMeter [candidate] (8.971 ms) : 0, 8971
GlobalTracer [baseline] (207.501 ms) : 0, 207501
GlobalTracer [candidate] (207.851 ms) : 0, 207851
AppSec [baseline] (32.548 ms) : 0, 32548
AppSec [candidate] (32.654 ms) : 0, 32654
Debugger [baseline] (65.859 ms) : 0, 65859
Debugger [candidate] (65.815 ms) : 0, 65815
Remote Config [baseline] (585.984 µs) : 0, 586
Remote Config [candidate] (584.277 µs) : 0, 584
Telemetry [baseline] (7.929 ms) : 0, 7929
Telemetry [candidate] (7.912 ms) : 0, 7912
Flare Poller [baseline] (3.531 ms) : 0, 3531
Flare Poller [candidate] (3.523 ms) : 0, 3523
Profiling [baseline] (94.518 ms) : 0, 94518
Profiling [candidate] (95.147 ms) : 0, 95147

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy
git_commit_date 1776899365 1776940323
git_commit_sha 8569434 a46b9fa
release_version 1.62.0-SNAPSHOT~8569434beb 1.62.0-SNAPSHOT~a46b9fa02f
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776942590 1776942590
ci_job_id 1623352999 1623352999
ci_pipeline_id 109257206 109257206
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-mquuj115 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-mquuj115 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 1 performance regressions! Performance is the same for 14 metrics, 17 unstable metrics.

| scenario | Δ mean agg_http_req_duration_p50 | Δ mean agg_http_req_duration_p95 | Δ mean throughput | candidate mean agg_http_req_duration_p50 | candidate mean agg_http_req_duration_p95 | candidate mean throughput | baseline mean agg_http_req_duration_p50 | baseline mean agg_http_req_duration_p95 | baseline mean throughput |
|---|---|---|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:iast:high_load | worse [+67.272µs; +173.017µs] or [+2.682%; +6.897%] | unsure [+109.763µs; +467.296µs] or [+1.489%; +6.339%] | unstable [-200.707op/s; +81.457op/s] or [-14.171%; +5.751%] | 2.629ms | 7.661ms | 1356.656op/s | 2.508ms | 7.372ms | 1416.281op/s |
| scenario:load:petclinic:iast:high_load | better [-2.458ms; -2.008ms] or [-12.623%; -10.308%] | better [-3.630ms; -2.556ms] or [-11.621%; -8.181%] | unstable [+3.756op/s; +54.307op/s] or [+1.597%; +23.091%] | 17.242ms | 28.145ms | 264.219op/s | 19.475ms | 31.238ms | 235.188op/s |
| scenario:load:petclinic:tracing:high_load | better [-1.542ms; -0.729ms] or [-8.271%; -3.908%] | better [-2.255ms; -1.121ms] or [-7.455%; -3.706%] | unstable [-10.914op/s; +41.477op/s] or [-4.445%; +16.893%] | 17.511ms | 28.557ms | 260.812op/s | 18.647ms | 30.245ms | 245.531op/s |

Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.284 ms [1.271 ms, 1.297 ms] -
iast 3.229 ms [3.19 ms, 3.268 ms] 1.946 ms (151.5%)
iast_FULL 5.913 ms [5.854 ms, 5.972 ms] 4.629 ms (360.6%)
iast_GLOBAL 3.687 ms [3.621 ms, 3.754 ms] 2.403 ms (187.2%)
profiling 2.147 ms [2.128 ms, 2.166 ms] 863.113 µs (67.2%)
tracing 1.886 ms [1.869 ms, 1.903 ms] 602.226 µs (46.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.279 ms [1.266 ms, 1.291 ms] -
iast 3.374 ms [3.326 ms, 3.423 ms] 2.096 ms (163.9%)
iast_FULL 6.004 ms [5.943 ms, 6.066 ms] 4.726 ms (369.6%)
iast_GLOBAL 3.659 ms [3.606 ms, 3.712 ms] 2.38 ms (186.2%)
profiling 2.219 ms [2.199 ms, 2.24 ms] 940.792 µs (73.6%)
tracing 1.913 ms [1.896 ms, 1.929 ms] 633.984 µs (49.6%)
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.224 ms [19.027 ms, 19.422 ms] -
appsec 18.625 ms [18.438 ms, 18.813 ms] -599.168 µs (-3.1%)
code_origins 17.823 ms [17.648 ms, 17.998 ms] -1.402 ms (-7.3%)
iast 19.85 ms [19.653 ms, 20.048 ms] 625.911 µs (3.3%)
profiling 18.522 ms [18.335 ms, 18.709 ms] -702.767 µs (-3.7%)
tracing 19.01 ms [18.82 ms, 19.201 ms] -214.185 µs (-1.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.581 ms [18.386 ms, 18.776 ms] -
appsec 19.055 ms [18.863 ms, 19.246 ms] 473.42 µs (2.5%)
code_origins 17.869 ms [17.694 ms, 18.043 ms] -712.587 µs (-3.8%)
iast 17.657 ms [17.484 ms, 17.83 ms] -924.531 µs (-5.0%)
profiling 18.809 ms [18.613 ms, 19.005 ms] 227.791 µs (1.2%)
tracing 17.887 ms [17.712 ms, 18.062 ms] -693.983 µs (-3.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy
git_commit_date 1776899365 1776940323
git_commit_sha 8569434 a46b9fa
release_version 1.62.0-SNAPSHOT~8569434beb 1.62.0-SNAPSHOT~a46b9fa02f
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1776942185 1776942185
ci_job_id 1623353000 1623353000
ci_pipeline_id 109257206 109257206
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-5cn9k261 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-5cn9k261 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.488 ms [1.476 ms, 1.499 ms] -
appsec 2.571 ms [2.515 ms, 2.627 ms] 1.084 ms (72.8%)
iast 2.294 ms [2.223 ms, 2.364 ms] 806.161 µs (54.2%)
iast_GLOBAL 2.335 ms [2.264 ms, 2.407 ms] 847.965 µs (57.0%)
profiling 2.122 ms [2.065 ms, 2.178 ms] 634.27 µs (42.6%)
tracing 2.097 ms [2.043 ms, 2.151 ms] 609.38 µs (41.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.487 ms [1.476 ms, 1.499 ms] -
appsec 3.778 ms [3.559 ms, 3.996 ms] 2.29 ms (154.0%)
iast 2.304 ms [2.233 ms, 2.375 ms] 816.325 µs (54.9%)
iast_GLOBAL 2.349 ms [2.277 ms, 2.42 ms] 861.06 µs (57.9%)
profiling 2.117 ms [2.061 ms, 2.173 ms] 629.763 µs (42.3%)
tracing 2.089 ms [2.034 ms, 2.143 ms] 601.35 µs (40.4%)
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~a46b9fa02f, baseline=1.62.0-SNAPSHOT~8569434beb]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.602 s [15.602 s, 15.602 s] -
appsec 15.19 s [15.19 s, 15.19 s] -412.0 ms (-2.6%)
iast 18.575 s [18.575 s, 18.575 s] 2.973 s (19.1%)
iast_GLOBAL 17.982 s [17.982 s, 17.982 s] 2.38 s (15.3%)
profiling 15.66 s [15.66 s, 15.66 s] 58.0 ms (0.4%)
tracing 14.842 s [14.842 s, 14.842 s] -760.0 ms (-4.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.266 s [15.266 s, 15.266 s] -
appsec 14.883 s [14.883 s, 14.883 s] -383.0 ms (-2.5%)
iast 18.457 s [18.457 s, 18.457 s] 3.191 s (20.9%)
iast_GLOBAL 18.129 s [18.129 s, 18.129 s] 2.863 s (18.8%)
profiling 14.75 s [14.75 s, 14.75 s] -516.0 ms (-3.4%)
tracing 15.132 s [15.132 s, 15.132 s] -134.0 ms (-0.9%)

@jandro996 jandro996 marked this pull request as ready for review April 21, 2026 14:56
@jandro996 jandro996 requested a review from a team as a code owner April 21, 2026 14:56
@jandro996 jandro996 marked this pull request as draft April 21, 2026 14:57

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 510fca6013

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch 2 times, most recently from 635a97f to 21a5777 Compare April 22, 2026 10:50
@jandro996 jandro996 marked this pull request as ready for review April 22, 2026 15:07

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 21a57776c3

@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch from 21a5777 to dc887ea Compare April 23, 2026 07:26
@jandro996 jandro996 marked this pull request as draft April 23, 2026 07:35
@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch 5 times, most recently from 78d29ab to 6ff7c4d Compare April 23, 2026 08:47
@jandro996 jandro996 changed the title Add server.request.body.filenames support for Jersey and RESTEasy Add server.request.body.filenames support for Jersey, Grizzly and RESTEasy Apr 23, 2026
@jandro996 jandro996 changed the title Add server.request.body.filenames support for Jersey, Grizzly and RESTEasy Add server.request.body.filenames support for Jersey and RESTEasy Apr 23, 2026
@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch 3 times, most recently from b58f1e6 to d1da0e3 Compare April 23, 2026 09:32
@jandro996 jandro996 force-pushed the alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy branch from d1da0e3 to 4f53294 Compare April 23, 2026 09:58
@jandro996 jandro996 changed the title Add server.request.body.filenames support for Jersey and RESTEasy Add server.request.body.filenames AppSec address for Jersey and RESTEasy Apr 23, 2026
@jandro996
Member Author

@codex review

@jandro996
Member Author

Please have a look at Reflection in MultipartHelper (RESTEasy). I think it is a good approach to avoid more modules and code duplication; I'd love to hear your thoughts 😃

@jandro996 jandro996 marked this pull request as ready for review April 23, 2026 10:07

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4f53294c1c

…isposition

Tabs after ';' and optional SP/HT around '=' are valid per MIME and are
delivered by RESTEasy as-is; the previous parser only skipped literal spaces,
so those variants bypassed server.request.body.filenames detection.
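
The parsing rule discussed in the PR description and in the commit message above, as an added example that is not the PR's MultipartHelper code: a quote-aware scan of a Content-Disposition value, shown beside a naive splitter that loses `filename="a;b.php"` and misses HT/SP around `=`. The class name, both method names and the sample header values are constructed for illustration; treating only `\"` as an escape inside quotes is an assumption.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration, not the PR's MultipartHelper; all names here are hypothetical.
public final class ContentDispositionFilename {

  // Naive baseline (constructed): splits on every ';' and expects "filename=" verbatim.
  static String naiveFilename(String header) {
    for (String param : header.split(";")) {
      String p = param.trim();
      if (p.startsWith("filename=")) {
        return p.substring("filename=".length()).replace("\"", "");
      }
    }
    return null;
  }

  // Quote-aware scan: ';' separates parameters only outside a quoted-string, and
  // SP/HT is accepted after ';' and on either side of '='.
  // The extended "filename*" parameter is deliberately not handled here.
  static String filename(String header) {
    if (header == null) {
      return null;
    }
    int n = header.length();
    int i = header.indexOf(';'); // the disposition type (e.g. form-data) ends here
    while (i >= 0 && i < n) {
      i = skipWs(header, i + 1);
      int nameStart = i;
      while (i < n && "=; \t".indexOf(header.charAt(i)) < 0) {
        i++;
      }
      String name = header.substring(nameStart, i);
      i = skipWs(header, i);
      if (i >= n || header.charAt(i) != '=') {
        i = header.indexOf(';', i); // parameter without a value: go to the next one
        continue;
      }
      i = skipWs(header, i + 1);
      StringBuilder value = new StringBuilder();
      if (i < n && header.charAt(i) == '"') {
        i++; // opening quote
        while (i < n && header.charAt(i) != '"') {
          // Assumption: only \" is an escape; any other backslash is kept as-is.
          if (header.charAt(i) == '\\' && i + 1 < n && header.charAt(i + 1) == '"') {
            i++;
          }
          value.append(header.charAt(i++));
        }
      } else {
        while (i < n && header.charAt(i) != ';') {
          value.append(header.charAt(i++));
        }
        while (value.length() > 0 && isWs(value.charAt(value.length() - 1))) {
          value.setLength(value.length() - 1); // drop trailing SP/HT of an unquoted value
        }
      }
      if ("filename".equalsIgnoreCase(name)) {
        return value.toString();
      }
      i = header.indexOf(';', i); // from the closing quote or the separator itself
    }
    return null;
  }

  private static boolean isWs(char c) {
    return c == ' ' || c == '\t';
  }

  private static int skipWs(String s, int i) {
    while (i < s.length() && isWs(s.charAt(i))) {
      i++;
    }
    return i;
  }

  public static void main(String[] args) {
    // Constructed sample header values, not captured traffic.
    List<String> samples = Arrays.asList(
        "form-data; name=\"file\"; filename=\"report.pdf\"",
        "form-data; name=\"file\"; filename=\"a;b.php\"",
        "form-data; name=\"file\";\tfilename\t=\t\"upload.php\"",
        "form-data; name=\"file\"; filename = plain.txt ");
    for (String h : samples) {
      System.out.println("naive=" + naiveFilename(h) + " | quote-aware=" + filename(h));
    }
  }
}
```
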
@jandro996
Member Author

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Keep it up!
