test_speed_xss.c
/*
* A not very good test for performance. This is mostly useful in
* testing performance -regressions-
*
*/
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#include "libinjection.h"
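int testIsSQL(void);

/**
 * Measure libinjection_xss() throughput over a fixed corpus.
 *
 * Runs one million detector calls, cycling through the sample strings below,
 * and converts the CPU time reported by clock() into calls per second.
 * The name is kept as-is for compatibility even though the function under
 * test here is the XSS detector.
 *
 * This is a speed check only: the detector's verdict is discarded, so a
 * change that makes libinjection_xss() faster by missing payloads would
 * still pass. The second half of the corpus is SQL-flavoured text rather
 * than markup, so asserting a uniform verdict would need a per-sample
 * expectation that this file does not carry.
 *
 * @return calls per second, clamped to INT_MAX; 0 when clock() reports that
 *         processor time is unavailable, so a threshold check on the result
 *         fails instead of passing on a meaningless number.
 */
int testIsSQL(void)
{
    static const char *const samples[] = {
        "<script>alert(1);</script>",
        /*
         * The original omitted the comma after the next literal, so it was
         * concatenated with the one below and neither payload was ever
         * scanned on its own.
         */
        "><script>alert(1);</script>",
        "x ><script>alert(1);</script>",
        "' ><script>alert(1);</script>",
        "\"><script>alert(1);</script>",
        "red;</style><script>alert(1);</script>",
        "red;}</style><script>alert(1);</script>",
        "red;\"/><script>alert(1);</script>",
        "');}</style><script>alert(1);</script>",
        "onerror=alert(1)>",
        "x onerror=alert(1);>",
        "x' onerror=alert(1);>",
        "x\" onerror=alert(1);>",
        "<a href=\"javascript:alert(1)\">",
        "<a href='javascript:alert(1)'>",
        "<a href=javascript:alert(1)>",
        "<a href = javascript:alert(1); >",
        "<a href=\" javascript:alert(1);\" >",
        "<a href=\"JAVASCRIPT:alert(1);\" >",
        "123 LIKE -1234.5678E+2;",
        "APPLE 19.123 'FOO' \"BAR\"",
        "/* BAR */ UNION ALL SELECT (2,3,4)",
        "1 || COS(+0X04) --FOOBAR",
        "dog apple @cat banana bar",
        "dog apple cat \"banana \'bar",
        "102 TABLE CLOTH",
        "(1001-'1') union select 1,2,3,4 from credit_cards"
    };
    const size_t nsamples = sizeof samples / sizeof samples[0];
    const int imax = 1000000;
    size_t idx = 0;
    int i;
    clock_t t0, t1;
    double total, rate;

    t0 = clock();
    for (i = 0; i < imax; ++i) {
        const char *input = samples[idx];

        /* strlen() stays inside the timed loop, as in the original, so the
         * figure remains comparable with earlier runs. */
        (void) libinjection_xss(input, strlen(input));

        if (++idx == nsamples) {
            idx = 0;
        }
    }
    t1 = clock();

    /* clock() returns (clock_t)-1 when processor time is not available. */
    if (t0 == (clock_t) -1 || t1 == (clock_t) -1) {
        return 0;
    }

    total = (double) (t1 - t0) / (double) CLOCKS_PER_SEC;

    /* A run shorter than one clock tick would divide by zero; converting
     * the resulting out-of-range double to int is undefined behaviour. */
    if (total <= 0.0) {
        return INT_MAX;
    }

    rate = (double) imax / total;
    if (rate >= (double) INT_MAX) {
        return INT_MAX;
    }
    return (int) rate;
}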
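/**
 * Run the throughput test and compare the result with the minimum
 * acceptable rate.
 *
 * @return 0 when the measured rate reaches mintps, 1 otherwise.
 */
int main(void)
{
    const int mintps = 500000;
    const int tps = testIsSQL();

    printf("\nTPS : %d\n\n", tps);

    /* Compare against mintps itself rather than a second copy of the
     * literal, so the check and the printed threshold cannot drift apart. */
    if (tps < mintps) {
        printf("FAIL: %d < %d\n", tps, mintps);
        return 1;
    }

    printf("OK: %d > %d\n", tps, mintps);
    return 0;
}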