Extract Jersey json body response schemas #9014

Draft
wants to merge 1 commit into
base: master

jandro996
Member

@jandro996 jandro996 commented Jun 20, 2025

What Does This Do

Adds response body extraction for Jersey JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF).

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57909

@jandro996 jandro996 added type: enhancement inst: jax-ws JAX-WS instrumentation comp: asm waf Application Security Management (WAF) labels Jun 20, 2025
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 3c78ad2 to 2aeb457 Compare June 20, 2025 07:14
@pr-commenter

pr-commenter bot commented Jun 20, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750865797 1750920046
git_commit_sha d6d3d21 b61f58eaf6
release_version 1.51.0-SNAPSHOT~d6d3d210b1 1.51.0-SNAPSHOT~db61f58eaf6
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750921304 1750921304
ci_job_id 999423575 999423575
ci_pipeline_id 68815597 68815597
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-hvkztcm7-project-304-concurrent-0-e4q9sdhg 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-hvkztcm7-project-304-concurrent-0-e4q9sdhg 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 46 metrics, 7 unstable metrics.

Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (996.872 ms) : 0, 996872
Total [baseline] (10.757 s) : 0, 10757453
Agent [candidate] (1.007 s) : 0, 1006639
Total [candidate] (10.805 s) : 0, 10804755
section appsec
Agent [baseline] (1.179 s) : 0, 1178967
Total [baseline] (10.733 s) : 0, 10733008
Agent [candidate] (1.184 s) : 0, 1183971
Total [candidate] (10.764 s) : 0, 10764402
section iast
Agent [baseline] (1.135 s) : 0, 1134796
Total [baseline] (10.866 s) : 0, 10866444
Agent [candidate] (1.142 s) : 0, 1141875
Total [candidate] (10.906 s) : 0, 10906488
section profiling
Agent [baseline] (1.244 s) : 0, 1244140
Total [baseline] (11.056 s) : 0, 11055753
Agent [candidate] (1.254 s) : 0, 1254436
Total [candidate] (10.983 s) : 0, 10982889
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 996.872 ms -
Agent appsec 1.179 s 182.095 ms (18.3%)
Agent iast 1.135 s 137.924 ms (13.8%)
Agent profiling 1.244 s 247.268 ms (24.8%)
Total tracing 10.757 s -
Total appsec 10.733 s -24.445 ms (-0.2%)
Total iast 10.866 s 108.991 ms (1.0%)
Total profiling 11.056 s 298.3 ms (2.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.007 s -
Agent appsec 1.184 s 177.332 ms (17.6%)
Agent iast 1.142 s 135.236 ms (13.4%)
Agent profiling 1.254 s 247.797 ms (24.6%)
Total tracing 10.805 s -
Total appsec 10.764 s -40.353 ms (-0.4%)
Total iast 10.906 s 101.733 ms (0.9%)
Total profiling 10.983 s 178.134 ms (1.6%)
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.889 ms) : 0, 687889
BytebuddyAgent [candidate] (694.806 ms) : 0, 694806
GlobalTracer [baseline] (242.975 ms) : 0, 242975
GlobalTracer [candidate] (244.964 ms) : 0, 244964
AppSec [baseline] (30.302 ms) : 0, 30302
AppSec [candidate] (30.775 ms) : 0, 30775
Debugger [baseline] (6.004 ms) : 0, 6004
Debugger [candidate] (6.141 ms) : 0, 6141
Remote Config [baseline] (663.794 µs) : 0, 664
Remote Config [candidate] (682.619 µs) : 0, 683
Telemetry [baseline] (8.201 ms) : 0, 8201
Telemetry [candidate] (8.315 ms) : 0, 8315
section appsec
BytebuddyAgent [baseline] (713.278 ms) : 0, 713278
BytebuddyAgent [candidate] (717.338 ms) : 0, 717338
GlobalTracer [baseline] (236.905 ms) : 0, 236905
GlobalTracer [candidate] (238.018 ms) : 0, 238018
AppSec [baseline] (171.061 ms) : 0, 171061
AppSec [candidate] (170.656 ms) : 0, 170656
Debugger [baseline] (5.807 ms) : 0, 5807
Debugger [candidate] (5.832 ms) : 0, 5832
Remote Config [baseline] (620.763 µs) : 0, 621
Remote Config [candidate] (611.506 µs) : 0, 612
Telemetry [baseline] (8.192 ms) : 0, 8192
Telemetry [candidate] (8.182 ms) : 0, 8182
IAST [baseline] (22.188 ms) : 0, 22188
IAST [candidate] (22.293 ms) : 0, 22293
section iast
BytebuddyAgent [baseline] (809.858 ms) : 0, 809858
BytebuddyAgent [candidate] (815.141 ms) : 0, 815141
GlobalTracer [baseline] (233.83 ms) : 0, 233830
GlobalTracer [candidate] (234.988 ms) : 0, 234988
AppSec [baseline] (29.558 ms) : 0, 29558
AppSec [candidate] (28.147 ms) : 0, 28147
Debugger [baseline] (5.797 ms) : 0, 5797
Debugger [candidate] (5.866 ms) : 0, 5866
Remote Config [baseline] (577.521 µs) : 0, 578
Remote Config [candidate] (581.743 µs) : 0, 582
Telemetry [baseline] (7.993 ms) : 0, 7993
Telemetry [candidate] (7.942 ms) : 0, 7942
IAST [baseline] (26.331 ms) : 0, 26331
IAST [candidate] (28.201 ms) : 0, 28201
section profiling
BytebuddyAgent [baseline] (677.85 ms) : 0, 677850
BytebuddyAgent [candidate] (683.71 ms) : 0, 683710
GlobalTracer [baseline] (361.638 ms) : 0, 361638
GlobalTracer [candidate] (364.327 ms) : 0, 364327
AppSec [baseline] (32.21 ms) : 0, 32210
AppSec [candidate] (31.869 ms) : 0, 31869
Debugger [baseline] (11.222 ms) : 0, 11222
Debugger [candidate] (13.078 ms) : 0, 13078
Remote Config [baseline] (661.982 µs) : 0, 662
Remote Config [candidate] (665.929 µs) : 0, 666
Telemetry [baseline] (8.801 ms) : 0, 8801
Telemetry [candidate] (8.088 ms) : 0, 8088
ProfilingAgent [baseline] (103.073 ms) : 0, 103073
ProfilingAgent [candidate] (104.005 ms) : 0, 104005
Profiling [baseline] (103.099 ms) : 0, 103099
Profiling [candidate] (104.031 ms) : 0, 104031
Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (996.588 ms) : 0, 996588
Total [baseline] (8.538 s) : 0, 8538294
Agent [candidate] (1.007 s) : 0, 1006871
Total [candidate] (8.59 s) : 0, 8589894
section iast
Agent [baseline] (1.14 s) : 0, 1140169
Total [baseline] (9.25 s) : 0, 9249679
Agent [candidate] (1.136 s) : 0, 1135763
Total [candidate] (9.291 s) : 0, 9291419
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 996.588 ms -
Agent iast 1.14 s 143.581 ms (14.4%)
Total tracing 8.538 s -
Total iast 9.25 s 711.385 ms (8.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.007 s -
Agent iast 1.136 s 128.892 ms (12.8%)
Total tracing 8.59 s -
Total iast 9.291 s 701.525 ms (8.2%)
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (688.094 ms) : 0, 688094
BytebuddyAgent [candidate] (695.373 ms) : 0, 695373
GlobalTracer [baseline] (242.357 ms) : 0, 242357
GlobalTracer [candidate] (244.826 ms) : 0, 244826
AppSec [baseline] (30.399 ms) : 0, 30399
AppSec [candidate] (30.671 ms) : 0, 30671
Debugger [baseline] (6.037 ms) : 0, 6037
Debugger [candidate] (6.092 ms) : 0, 6092
Remote Config [baseline] (666.993 µs) : 0, 667
Remote Config [candidate] (686.574 µs) : 0, 687
Telemetry [baseline] (8.185 ms) : 0, 8185
Telemetry [candidate] (8.274 ms) : 0, 8274
section iast
BytebuddyAgent [baseline] (814.263 ms) : 0, 814263
BytebuddyAgent [candidate] (810.935 ms) : 0, 810935
GlobalTracer [baseline] (234.6 ms) : 0, 234600
GlobalTracer [candidate] (233.891 ms) : 0, 233891
AppSec [baseline] (27.203 ms) : 0, 27203
AppSec [candidate] (27.795 ms) : 0, 27795
Debugger [baseline] (5.84 ms) : 0, 5840
Debugger [candidate] (5.83 ms) : 0, 5830
Remote Config [baseline] (593.453 µs) : 0, 593
Remote Config [candidate] (585.976 µs) : 0, 586
Telemetry [baseline] (8.025 ms) : 0, 8025
Telemetry [candidate] (7.99 ms) : 0, 7990
IAST [baseline] (28.787 ms) : 0, 28787
IAST [candidate] (27.9 ms) : 0, 27900

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750865797 1750920047
git_commit_sha d6d3d21 b61f58eaf6
release_version 1.51.0-SNAPSHOT~d6d3d210b1 1.51.0-SNAPSHOT~db61f58eaf6
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750920983 1750920983
ci_job_id 999423576 999423576
ci_pipeline_id 68815597 68815597
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-ebrbdsyd-project-304-concurrent-0-o7ojh7ap 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-ebrbdsyd-project-304-concurrent-0-o7ojh7ap 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 1 performance regressions! Performance is the same for 9 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load worse [+282.052µs; +661.466µs] or [+2.896%; +6.792%] unstable [-78.239op/s; +34.364op/s] or [-16.406%; +7.206%] 10.211ms 454.969op/s 9.739ms 476.906op/s
scenario:load:petclinic:appsec:high_load better [-3.388ms; -2.457ms] or [-6.883%; -4.991%] unstable [-1.277op/s; +13.252op/s] or [-1.343%; +13.939%] 46.309ms 101.062op/s 49.231ms 95.075op/s
scenario:load:petclinic:iast:high_load better [-1.923ms; -1.078ms] or [-4.277%; -2.398%] unstable [-3.847op/s; +10.997op/s] or [-3.696%; +10.564%] 43.454ms 107.675op/s 44.954ms 104.100op/s
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1
    dateFormat X
    axisFormat %s
section baseline
no_agent (38.393 ms) : 38093, 38694
.   : milestone, 38393,
appsec (49.231 ms) : 48778, 49685
.   : milestone, 49231,
code_origins (45.456 ms) : 45083, 45829
.   : milestone, 45456,
iast (44.954 ms) : 44560, 45348
.   : milestone, 44954,
profiling (47.884 ms) : 47385, 48383
.   : milestone, 47884,
tracing (45.143 ms) : 44772, 45514
.   : milestone, 45143,
section candidate
no_agent (37.761 ms) : 37461, 38062
.   : milestone, 37761,
appsec (46.309 ms) : 45898, 46719
.   : milestone, 46309,
code_origins (44.417 ms) : 44047, 44788
.   : milestone, 44417,
iast (43.454 ms) : 43063, 43845
.   : milestone, 43454,
profiling (47.287 ms) : 46810, 47764
.   : milestone, 47287,
tracing (44.301 ms) : 43936, 44666
.   : milestone, 44301,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.393 ms [38.093 ms, 38.694 ms] -
appsec 49.231 ms [48.778 ms, 49.685 ms] 10.838 ms (28.2%)
code_origins 45.456 ms [45.083 ms, 45.829 ms] 7.062 ms (18.4%)
iast 44.954 ms [44.56 ms, 45.348 ms] 6.56 ms (17.1%)
profiling 47.884 ms [47.385 ms, 48.383 ms] 9.491 ms (24.7%)
tracing 45.143 ms [44.772 ms, 45.514 ms] 6.75 ms (17.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.761 ms [37.461 ms, 38.062 ms] -
appsec 46.309 ms [45.898 ms, 46.719 ms] 8.547 ms (22.6%)
code_origins 44.417 ms [44.047 ms, 44.788 ms] 6.656 ms (17.6%)
iast 43.454 ms [43.063 ms, 43.845 ms] 5.692 ms (15.1%)
profiling 47.287 ms [46.81 ms, 47.764 ms] 9.526 ms (25.2%)
tracing 44.301 ms [43.936 ms, 44.666 ms] 6.54 ms (17.3%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.434 ms) : 4381, 4488
.   : milestone, 4434,
iast (9.345 ms) : 9192, 9498
.   : milestone, 9345,
iast_FULL (13.351 ms) : 13082, 13619
.   : milestone, 13351,
iast_GLOBAL (9.739 ms) : 9566, 9912
.   : milestone, 9739,
profiling (8.466 ms) : 8333, 8599
.   : milestone, 8466,
tracing (7.561 ms) : 7452, 7669
.   : milestone, 7561,
section candidate
no_agent (4.306 ms) : 4258, 4355
.   : milestone, 4306,
iast (9.154 ms) : 9007, 9300
.   : milestone, 9154,
iast_FULL (13.84 ms) : 13560, 14120
.   : milestone, 13840,
iast_GLOBAL (10.211 ms) : 10031, 10390
.   : milestone, 10211,
profiling (8.773 ms) : 8630, 8916
.   : milestone, 8773,
tracing (7.809 ms) : 7696, 7922
.   : milestone, 7809,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.434 ms [4.381 ms, 4.488 ms] -
iast 9.345 ms [9.192 ms, 9.498 ms] 4.91 ms (110.7%)
iast_FULL 13.351 ms [13.082 ms, 13.619 ms] 8.916 ms (201.1%)
iast_GLOBAL 9.739 ms [9.566 ms, 9.912 ms] 5.305 ms (119.6%)
profiling 8.466 ms [8.333 ms, 8.599 ms] 4.032 ms (90.9%)
tracing 7.561 ms [7.452 ms, 7.669 ms] 3.126 ms (70.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.306 ms [4.258 ms, 4.355 ms] -
iast 9.154 ms [9.007 ms, 9.3 ms] 4.848 ms (112.6%)
iast_FULL 13.84 ms [13.56 ms, 14.12 ms] 9.534 ms (221.4%)
iast_GLOBAL 10.211 ms [10.031 ms, 10.39 ms] 5.905 ms (137.1%)
profiling 8.773 ms [8.63 ms, 8.916 ms] 4.467 ms (103.7%)
tracing 7.809 ms [7.696 ms, 7.922 ms] 3.502 ms (81.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-sec-jersey-response-schema
git_commit_date 1750865797 1750920060
git_commit_sha d6d3d21 b61f58eaf6
release_version 1.51.0-SNAPSHOT~d6d3d210b1 1.51.0-SNAPSHOT~db61f58eaf6
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1750921466 1750921466
ci_job_id 999423577 999423577
ci_pipeline_id 68815597 68815597
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-qa9ut2lj-project-304-concurrent-0-ctzwtsg1 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-qa9ut2lj-project-304-concurrent-0-ctzwtsg1 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.457 s) : 15457000, 15457000
.   : milestone, 15457000,
appsec (14.88 s) : 14880000, 14880000
.   : milestone, 14880000,
iast (18.629 s) : 18629000, 18629000
.   : milestone, 18629000,
iast_GLOBAL (18.056 s) : 18056000, 18056000
.   : milestone, 18056000,
profiling (15.872 s) : 15872000, 15872000
.   : milestone, 15872000,
tracing (14.848 s) : 14848000, 14848000
.   : milestone, 14848000,
section candidate
no_agent (15.272 s) : 15272000, 15272000
.   : milestone, 15272000,
appsec (14.962 s) : 14962000, 14962000
.   : milestone, 14962000,
iast (18.344 s) : 18344000, 18344000
.   : milestone, 18344000,
iast_GLOBAL (18.395 s) : 18395000, 18395000
.   : milestone, 18395000,
profiling (15.411 s) : 15411000, 15411000
.   : milestone, 15411000,
tracing (14.69 s) : 14690000, 14690000
.   : milestone, 14690000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.457 s [15.457 s, 15.457 s] -
appsec 14.88 s [14.88 s, 14.88 s] -577.0 ms (-3.7%)
iast 18.629 s [18.629 s, 18.629 s] 3.172 s (20.5%)
iast_GLOBAL 18.056 s [18.056 s, 18.056 s] 2.599 s (16.8%)
profiling 15.872 s [15.872 s, 15.872 s] 415.0 ms (2.7%)
tracing 14.848 s [14.848 s, 14.848 s] -609.0 ms (-3.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.272 s [15.272 s, 15.272 s] -
appsec 14.962 s [14.962 s, 14.962 s] -310.0 ms (-2.0%)
iast 18.344 s [18.344 s, 18.344 s] 3.072 s (20.1%)
iast_GLOBAL 18.395 s [18.395 s, 18.395 s] 3.123 s (20.4%)
profiling 15.411 s [15.411 s, 15.411 s] 139.0 ms (0.9%)
tracing 14.69 s [14.69 s, 14.69 s] -582.0 ms (-3.8%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~db61f58eaf6, baseline=1.51.0-SNAPSHOT~d6d3d210b1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1464, 1486
.   : milestone, 1475,
appsec (2.412 ms) : 2362, 2461
.   : milestone, 2412,
iast (2.196 ms) : 2134, 2258
.   : milestone, 2196,
iast_GLOBAL (2.226 ms) : 2165, 2288
.   : milestone, 2226,
profiling (2.041 ms) : 1991, 2091
.   : milestone, 2041,
tracing (2.003 ms) : 1955, 2051
.   : milestone, 2003,
section candidate
no_agent (1.475 ms) : 1463, 1486
.   : milestone, 1475,
appsec (2.402 ms) : 2353, 2452
.   : milestone, 2402,
iast (2.192 ms) : 2130, 2253
.   : milestone, 2192,
iast_GLOBAL (2.236 ms) : 2174, 2299
.   : milestone, 2236,
profiling (2.058 ms) : 2007, 2109
.   : milestone, 2058,
tracing (2.007 ms) : 1959, 2056
.   : milestone, 2007,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.464 ms, 1.486 ms] -
appsec 2.412 ms [2.362 ms, 2.461 ms] 936.631 µs (63.5%)
iast 2.196 ms [2.134 ms, 2.258 ms] 720.776 µs (48.9%)
iast_GLOBAL 2.226 ms [2.165 ms, 2.288 ms] 751.481 µs (50.9%)
profiling 2.041 ms [1.991 ms, 2.091 ms] 566.066 µs (38.4%)
tracing 2.003 ms [1.955 ms, 2.051 ms] 528.24 µs (35.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.463 ms, 1.486 ms] -
appsec 2.402 ms [2.353 ms, 2.452 ms] 927.641 µs (62.9%)
iast 2.192 ms [2.13 ms, 2.253 ms] 716.733 µs (48.6%)
iast_GLOBAL 2.236 ms [2.174 ms, 2.299 ms] 761.363 µs (51.6%)
profiling 2.058 ms [2.007 ms, 2.109 ms] 583.169 µs (39.5%)
tracing 2.007 ms [1.959 ms, 2.056 ms] 532.645 µs (36.1%)

@jandro996 jandro996 changed the title Extract Jersdey json body response schemas Extract Jersey json body response schemas Jun 20, 2025
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/vertx-response-extraction branch 9 times, most recently from ac7c355 to bd96ea3 Compare June 25, 2025 07:15
Base automatically changed from malvarez/vertx-response-extraction to master June 25, 2025 08:25
@jandro996 jandro996 force-pushed the alejandro.gonzalez/api-sec-jersey-response-schema branch from 8e2219c to db61f58 Compare June 26, 2025 06:30
}


void 'test response schema extraction'() {


Can you update the test to do assertions on the response body schema:

  void 'test response schema extraction'() {
    given:
    def url = "http://localhost:${httpPort}/api_security/response"
    def client = OkHttpUtils.clientBuilder().build()
    def body = [
      "main"    : [["key": "id001", "value": 1345.67], ["value": 1567.89, "key": "id002"]],
      "nullable": null,
    ]
    def request = new Request.Builder()
      .url(url)
      .post(RequestBody.create(MediaType.get('application/json'), JsonOutput.toJson(body)))
      .build()

    when:
    final response = client.newCall(request).execute()
    waitForTraceCount(1)

    then:
    response.code() == 200
    def span = rootSpans.first()
    span.meta.containsKey('_dd.appsec.s.res.headers')
    span.meta.containsKey('_dd.appsec.s.res.body')
    final schema = new JsonSlurper().parse(unzip(span.meta.get('_dd.appsec.s.res.body')))
    assert schema == [["main": [[[["key": [8], "value": [16]]]], ["len": 2]], "nullable": [1]]]
  }

  private static byte[] unzip(final String text) {
    final inflaterStream = new GZIPInputStream(new ByteArrayInputStream(text.decodeBase64()))
    return inflaterStream.getBytes()
  }

response.code() == 200
def span = rootSpans.first()
span.meta.containsKey('_dd.appsec.s.res.headers')
span.meta.containsKey('_dd.appsec.s.res.body')
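
Review bot: the two `containsKey` checks at the end of this block only prove that the `_dd.appsec.s.res.headers` and `_dd.appsec.s.res.body` tags exist, so an empty or incorrect schema would still pass. Parse the value stored under `_dd.appsec.s.res.body` and compare it with the structure expected for the response this endpoint returns, so that a regression in the extraction itself fails the test.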


Same comment as with jersey-2
