Add fallback for missing http.route in API Security#8987
Benchmarks (candidate=1.52.0-SNAPSHOT~fc68b3b1f7, baseline=1.52.0-SNAPSHOT~ad6d6b9786)

Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 9 unstable metrics. (Startup time reports for insecure-bank and petclinic.)

Load: Found 1 performance improvements and 3 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics. (Request duration reports for insecure-bank and petclinic.)

Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. (Execution time for biojava and tomcat.)
|
| if (route != null) { | ||
| ctx.setRoute(route.toString()); | ||
| } | ||
| String routeStr = route != null ? route.toString() : ""; |
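Review bot: the `String routeStr = route != null ? route.toString() : "";` line replaces a guard that simply left the route unset with a value that is always produced, so every request whose framework has not populated `http.route` is now keyed under the same empty string; anything downstream that uses the route as an identity (linking request/response schemas to a path, as raised in review) will see one shared empty key until backend endpoint inference exists. Since the `appsec.api_security.missing_route` metric is deferred to a later PR, consider at least a comment on this line stating that the empty string is a deliberate placeholder, and a debug-level log when the fallback is taken, so the gap remains visible in the meantime.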
Does it really make sense? Even though we include some requests, we still don't have the http.route to link the request. What does it mean from a security perspective? E.g.: if we compute the request/response schemas, how are we going to link them to the actual path? (Maybe it can be done / it's done in the backend using the path or other strategies.)
@manuel-alvarez-alvarez These can later use endpoint inference in the backend (upcoming).
8333ddf to e24b368
Set as draft, until we have more information on the backend route inference.
What Does This Do
A fallback is added in case the http.route tag is missing. This is necessary because there are several frameworks where the tag is either not set in time or has not yet been implemented. This currently causes API Security to skip all requests when the tag is unavailable.
To avoid that, we now insert an empty string as a fallback when the tag is missing.
This is not the intended long-term behavior; these gaps will be addressed progressively.
In future PRs, a metric (appsec.api_security.missing_route) will be introduced to track how often this fallback is used.