Adds Benchmark for XSS detection, minor refactor/optimization #13

Merged
merged 16 commits into from
Jun 5, 2024

Member

@M4tteoP M4tteoP commented Sep 18, 2022

This PR:

  • Adds a Benchmark test for XSS detection
  • Reduces functions called inside interactions (still no performance improvements, I think mainly because of the small amount of data iterated)
  • Has minor refactors in favor of Go idioms rather than C ones.

Benchmark Before/After:

name                  old time/op    new time/op   delta
XSSDriver/html5-10    42.5µs ± 3%    41.2µs ± 1%  -3.19%  (p=0.000 n=100+86)

Contributor

@anuraaga anuraaga left a comment

It'd probably be good to add some test case files with larger strings if it seems like it'd be useful for performance testing; there's no reason to avoid them for unit testing anyways.

@anuraaga
Contributor

XSSDriver/html5-10 42.5µs ± 3% 41.2µs ± 1% -3.19% (p=0.000 n=100+86)

Can you add some logic to check for, or at least debug that the benchmark is actually running code? Even if the inputs are all small, there are about 60 test case files meaning <1 microsecond per case, this seems too low. Nothing seems obviously wrong with the code from reading it though 🤔
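
Added example, not part of the thread or the project's code: one way to add the requested check that the timed loop really exercises the detector on every input. `detect`, `cases` and `runChecked` are hypothetical names, and `detect` is a stand-in so the file runs without the library.

```go
package main

import (
	"fmt"
	"strings"
	"testing"
)

// detect is a hypothetical stand-in for the detector being benchmarked,
// so this file runs without the library.
func detect(s string) bool {
	l := strings.ToLower(s)
	return strings.Contains(l, "<script") || strings.Contains(l, "onerror=")
}

// Constructed inputs standing in for the test case files.
var cases = []string{
	`<script>alert(1)</script>`,
	`<img src=x onerror=alert(1)>`,
	`plain text with no markup`,
}

var sink bool // package-level sink: keeps the compiler from dropping the calls

// runChecked benchmarks detect over inputs and counts what the timed loop
// really did: iterations, detector calls, positive verdicts, ns per call.
// The counters add a little overhead; they are for debugging the benchmark.
func runChecked(inputs []string) (n, calls, hits int, nsPerCall float64) {
	res := testing.Benchmark(func(b *testing.B) {
		calls, hits = 0, 0 // the function is re-run with growing b.N
		b.ResetTimer()
		for i := 0; i < b.N; i++ {
			for _, in := range inputs {
				sink = detect(in)
				calls++
				if sink {
					hits++
				}
			}
		}
	})
	return res.N, calls, hits, float64(res.T.Nanoseconds()) / float64(calls)
}

func main() {
	n, calls, hits, ns := runChecked(cases)
	if calls != n*len(cases) || hits == 0 {
		panic("benchmark loop did not exercise the detector on every input")
	}
	fmt.Printf("N=%d calls=%d hits=%d %.1f ns/call\n", n, calls, hits, ns)
}
```

A call count that does not equal `N * len(cases)`, or zero positive verdicts on inputs known to be malicious, points at a benchmark that is timing something other than detection.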

@M4tteoP M4tteoP marked this pull request as ready for review September 26, 2022 12:51
@codecov-commenter

codecov-commenter commented Sep 26, 2022

Codecov Report

Attention: Patch coverage is 44.18605% with 24 lines in your changes missing coverage. Please review.

Project coverage is 91.41%. Comparing base (243c29f) to head (5a2e0ef).
Report is 3 commits behind head on master.

Current head 5a2e0ef differs from pull request most recent head 3e0beba

Please upload reports for the commit 3e0beba to get more accurate results.

Files Patch % Lines
xss_helpers.go 40.00% 23 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master      #13      +/-   ##
==========================================
+ Coverage   90.21%   91.41%   +1.20%     
==========================================
  Files           8        8              
  Lines        1523     1515       -8     
==========================================
+ Hits         1374     1385      +11     
+ Misses        128      105      -23     
- Partials       21       25       +4     

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 1 (rating A)

Coverage: no coverage information
Duplication: 0.0%

@jcchavezs jcchavezs requested a review from jptosso September 26, 2022 22:21
@fzipi
Member

fzipi commented Apr 2, 2023

@M4tteoP Can you push some additional larger texts for #13 (review)?

@fzipi
Member

fzipi commented Jan 25, 2024

ping @M4tteoP

@M4tteoP
Member Author

M4tteoP commented Jan 27, 2024

Requires #18

Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

1 New issue
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

@fzipi
Member

fzipi commented Jun 5, 2024

What is needed here? @M4tteoP

sonarqubecloud bot commented Jun 5, 2024

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

@M4tteoP
Member Author

M4tteoP commented Jun 5, 2024

If you are happy with the additional larger texts added, it is ready to be merged from my side

@fzipi
Member

fzipi commented Jun 5, 2024

I'm always happy. Let's go!

@M4tteoP M4tteoP merged commit c7505f1 into corazawaf:master Jun 5, 2024
3 checks passed