WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例

2025-11-17 19:00:25 +08:00 · 2023-12-09 11:46:50 +08:00
parent 86ab242f68
commit 5a7247b8be
12 changed files with 325 additions and 567 deletions
--- a/internal/waf/injectionutils/utils_xss_test.go
+++ b/internal/waf/injectionutils/utils_xss_test.go
@@ -4,6 +4,7 @@ package injectionutils_test

 import (
 	"github.com/TeaOSLab/EdgeNode/internal/waf/injectionutils"
+	"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 	"github.com/iwind/TeaGo/assert"
 	"runtime"
 	"testing"
@@ -25,7 +26,10 @@ func TestDetectXSS(t *testing.T) {
 }

 func BenchmarkDetectXSS_MISS(b *testing.B) {
-	b.Log(injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>"))
+	var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>")
+	if result {
+		b.Fatal("'result' should not be 'true'")
+	}

 	runtime.GOMAXPROCS(4)

@@ -36,8 +40,26 @@ func BenchmarkDetectXSS_MISS(b *testing.B) {
 	})
 }

+func BenchmarkDetectXSS_MISS_Cache(b *testing.B) {
+	var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span></body></html>")
+	if result {
+		b.Fatal("'result' should not be 'true'")
+	}
+
+	runtime.GOMAXPROCS(4)
+
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			_ = injectionutils.DetectXSSCache("<html><body><span>RequestId: 1234567890</span></body></html>", utils.CacheMiddleLife)
+		}
+	})
+}
+
 func BenchmarkDetectXSS_HIT(b *testing.B) {
-	b.Log(injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>"))
+	var result = injectionutils.DetectXSS("<html><body><span>RequestId: 1234567890</span><script src=\"\"></script></body></html>")
+	if !result {
+		b.Fatal("'result' should not be 'false'")
+	}

 	runtime.GOMAXPROCS(4)