From f24e0aec2a43ce9e5fc18b7f656badec01b5016a Mon Sep 17 00:00:00 2001 From: Juan Calderon-Perez Date: Sun, 24 Mar 2024 22:13:14 -0400 Subject: [PATCH 1/2] Add benchmarks for IsTrustedProxy --- ctx_test.go | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) diff --git a/ctx_test.go b/ctx_test.go index fdd21a1672..33a554e371 100644 --- a/ctx_test.go +++ b/ctx_test.go @@ -5755,3 +5755,198 @@ func Benchmark_GenericParseTypeString(b *testing.B) { }) } } + +// go test -v -run=^$ -bench=Benchmark_Ctx_IsProxyTrusted -benchmem -count=4 +func Benchmark_Ctx_IsProxyTrusted(b *testing.B) { + // Scenario without trusted proxy check + b.Run("NoProxyCheck", func(b *testing.B) { + app := New() + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com:8080/test") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario without trusted proxy check in parallel + b.Run("NoProxyCheckParallel", func(b *testing.B) { + app := New() + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com:8080/test") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) + + // Scenario with trusted proxy check + b.Run("WithProxyCheck", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"0.0.0.0"}, + }) + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/test") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario with trusted proxy check in parallel + b.Run("WithProxyCheckParallel", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"0.0.0.0"}, + }) + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) + + // Scenario with trusted proxy check with subnet + b.Run("WithProxyCheckSubnet", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"0.0.0.0/8"}, + }) + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/test") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario with trusted proxy check with subnet in parallel + b.Run("WithProxyCheckParallelSubnet", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"0.0.0.0/8"}, + }) + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) + + // Scenario with trusted proxy check with multiple subnet + b.Run("WithProxyCheckMultipleSubnet", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"192.168.0.0/24", "10.0.0.0/16", "0.0.0.0/8"}, + }) + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/test") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario with trusted proxy check with multiple subnet in parallel + b.Run("WithProxyCheckParallelMultipleSubnet", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{"192.168.0.0/24", "10.0.0.0/16", "0.0.0.0/8"}, + }) + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) + + // Scenario with trusted proxy check with all subnets + b.Run("WithProxyCheckAllSubnets", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{ + "127.0.0.0/8", // Loopback addresses + "169.254.0.0/16", // Link-Local addresses + "fe80::/10", // Link-Local addresses + "192.168.0.0/16", // Private Network addresses + "172.16.0.0/12", // Private Network addresses + "10.0.0.0/8", // Private Network addresses + "fc00::/7", // Unique Local addresses + "173.245.48.0/20", // My custom range + "0.0.0.0/8", // All IPv4 addresses + }, + }) + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/test") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario with trusted proxy check with all subnets in parallel + b.Run("WithProxyCheckParallelAllSubnets", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + TrustedProxies: []string{ + "127.0.0.0/8", // Loopback addresses + "169.254.0.0/16", // Link-Local addresses + "fe80::/10", // Link-Local addresses + "192.168.0.0/16", // Private Network addresses + "172.16.0.0/12", // Private Network addresses + "10.0.0.0/8", // Private Network addresses + "fc00::/7", // Unique Local addresses + "173.245.48.0/20", // My custom range + "0.0.0.0/8", // All IPv4 addresses + }, + }) + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) +} From 7d6d02721aa709d8824de23c61984678e70aedc7 Mon Sep 17 00:00:00 2001 From: Juan Calderon-Perez Date: Sun, 24 Mar 2024 23:36:52 -0400 Subject: [PATCH 2/2] Update Benchmarks for IsTrustedProxy() --- ctx_test.go | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/ctx_test.go b/ctx_test.go index 33a554e371..f1c588dc8f 100644 --- a/ctx_test.go +++ b/ctx_test.go @@ -5786,6 +5786,40 @@ func Benchmark_Ctx_IsProxyTrusted(b *testing.B) { }) }) + // Scenario with trusted proxy check simple + b.Run("WithProxyCheckSimple", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + }) + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/test") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + b.ReportAllocs() + b.ResetTimer() + for n := 0; n < b.N; n++ { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + + // Scenario with trusted proxy check simple in parallel + b.Run("WithProxyCheckSimpleParallel", func(b *testing.B) { + app := New(Config{ + EnableTrustedProxyCheck: true, + }) + b.ReportAllocs() + b.ResetTimer() + b.RunParallel(func(pb *testing.PB) { + c := app.AcquireCtx(&fasthttp.RequestCtx{}) + c.Request().SetRequestURI("http://google.com/") + c.Request().Header.Set(HeaderXForwardedHost, "google1.com") + for pb.Next() { + c.IsProxyTrusted() + } + app.ReleaseCtx(c) + }) + }) + // Scenario with trusted proxy check b.Run("WithProxyCheck", func(b *testing.B) { app := New(Config{