Access messages from the zap db
What does this MR do?
Retrieves messages from the ZAP database instead of getting them individually from the API.
Profiling of the ZAP Java heap indicates spikes of increased memory usage when messages are returned from the API. The majority of the memory used during these spikes is byte[]
, which likely holds the HTTP request bodies and response bodies of messages.
Slowing down message requests from Python to ZAP was considered as a way to alleviate this problem, however, has the following drawbacks:
- This approach still wouldn't work for a target site that had even one message with an enormous HTTP response body.
- There is no way to request a message from the ZAP API without the associated (or truncated) HTTP bodies.
The approach taken in the MR bypasses the ZAP API completely and instead accesses the HSQLDB database to obtain the required message information. This MR also handles safely parsing the results from the database into an HTTP message.
A future MR will convert ZAProxy.messages_har
to use the same approach.
What are the relevant issue numbers?
gitlab-org/gitlab#231326 (closed), gitlab-org/gitlab#223827 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer