// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
package injectionutils_test
import (
"github.com/TeaOSLab/EdgeNode/internal/waf/injectionutils"
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
"github.com/iwind/TeaGo/assert"
"runtime"
"testing"
)
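// TestDetectXSS pins the verdict injectionutils.DetectXSS is expected to return
// for a set of benign and suspicious inputs. Each assertion doubles as a
// regression guard: the IsFalse cases protect against false positives on
// ordinary content, the IsTrue cases against missed detections.
func TestDetectXSS(t *testing.T) {
	var a = assert.NewAssertion(t)

	// Empty and plain-text input must not be flagged.
	a.IsFalse(injectionutils.DetectXSS(""))
	a.IsFalse(injectionutils.DetectXSS("abc"))

	// Bare tags that can load or run active content are flagged.
	a.IsTrue(injectionutils.DetectXSS("<script>"))
	a.IsTrue(injectionutils.DetectXSS("<link>"))

	// Purely structural markup is treated as benign.
	a.IsFalse(injectionutils.DetectXSS("<html><span>"))

	// NOTE(review): the page renders this literal as "<script>", which would
	// contradict the IsTrue assertion on the same input above, so the test
	// could never pass as shown. The entity-escaped form is presumably what
	// the author wrote (unescaped when the page was rendered) — confirm
	// against the repository. Escaped markup is inert only as long as nothing
	// downstream unescapes the value before it is rendered.
	a.IsFalse(injectionutils.DetectXSS("&lt;script&gt;"))

	// Event-handler attribute names are flagged both inside a query string
	// and on their own.
	a.IsTrue(injectionutils.DetectXSS("/path?onmousedown=a"))
	a.IsTrue(injectionutils.DetectXSS("/path?onkeyup=a"))
	a.IsTrue(injectionutils.DetectXSS("onkeyup=a"))

	// An iframe tag with attributes is flagged.
	a.IsTrue(injectionutils.DetectXSS("<iframe scrolling='no'>"))

	// A complete benign document must not be flagged (false-positive guard).
	a.IsFalse(injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>"))

	// A percent-encoded form body carrying a script tag is expected to be
	// flagged; whether DetectXSS decodes the value itself is not visible
	// from this file.
	a.IsTrue(injectionutils.DetectXSS("name=s&description=%3Cscript+src%3D%22a.js%22%3Edddd%3C%2Fscript%3E"))
}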
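// BenchmarkDetectXSS_MISS measures parallel DetectXSS throughput on a benign
// HTML document that the detector is expected not to flag.
func BenchmarkDetectXSS_MISS(b *testing.B) {
	const input = "<html><body><span>RequestId: 1234567890</span></body></html>"

	// Check the verdict once up front so the loop below really measures the
	// "no detection" path.
	if injectionutils.DetectXSS(input) {
		b.Fatal("'result' should not be 'true'")
	}

	// GOMAXPROCS is a process-wide setting: pin it to 4 for this benchmark and
	// put the previous value back on return so the override does not leak.
	prev := runtime.GOMAXPROCS(4)
	defer runtime.GOMAXPROCS(prev)

	// Keep the sanity check above out of the measurement.
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			_ = injectionutils.DetectXSS(input)
		}
	})
}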
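// BenchmarkDetectXSS_MISS_Cache measures parallel DetectXSSCache throughput on
// a benign HTML document, using the utils.CacheMiddleLife cache lifetime.
func BenchmarkDetectXSS_MISS_Cache(b *testing.B) {
	const input = "<html><body><span>RequestId: 1234567890</span></body></html>"

	// NOTE(review): this sanity check goes through DetectXSS, not
	// DetectXSSCache, so the cached path's own verdict is never asserted here.
	if injectionutils.DetectXSS(input) {
		b.Fatal("'result' should not be 'true'")
	}

	// GOMAXPROCS is a process-wide setting: pin it to 4 for this benchmark and
	// put the previous value back on return so the override does not leak.
	prev := runtime.GOMAXPROCS(4)
	defer runtime.GOMAXPROCS(prev)

	// Keep the sanity check above out of the measurement.
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			// The input never changes, so presumably every call after the
			// first is answered from the cache and this measures lookup cost
			// rather than detection cost — confirm against DetectXSSCache.
			_ = injectionutils.DetectXSSCache(input, utils.CacheMiddleLife)
		}
	})
}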
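// BenchmarkDetectXSS_HIT measures parallel DetectXSS throughput on an HTML
// document containing a script tag, which the detector is expected to flag.
func BenchmarkDetectXSS_HIT(b *testing.B) {
	const input = "<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>"

	// Check the verdict once up front so the loop below really measures the
	// "detection" path.
	if !injectionutils.DetectXSS(input) {
		b.Fatal("'result' should not be 'false'")
	}

	// GOMAXPROCS is a process-wide setting: pin it to 4 for this benchmark and
	// put the previous value back on return so the override does not leak.
	prev := runtime.GOMAXPROCS(4)
	defer runtime.GOMAXPROCS(prev)

	// Keep the sanity check above out of the measurement.
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			_ = injectionutils.DetectXSS(input)
		}
	})
}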