mirror of
https://github.com/prometheus/prometheus.git
synced 2025-02-21 03:16:00 -08:00
329ec6831a
* util/httputil: Benchmark newCompressedResponseWriter This benchmark illustrates that newCompressedResponseWriter incurs a prohibitive amount of heap allocations when handling a request containing a malicious Accept-Encoding header.¬ Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com> * util/httputil: Improve newCompressedResponseWriter This change dramatically reduces the heap allocations (in bytes) incurred when handling a request containing a malicious Accept-Encoding header. Below are some benchmark results; for conciseness, I've omitted the name of the benchmark function (BenchmarkNewCompressionHandler_MaliciousAcceptEncoding): ``` goos: darwin goarch: amd64 pkg: github.com/prometheus/prometheus/util/httputil cpu: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz │ old │ new │ │ sec/op │ sec/op vs base │ 18.60m ± 2% 13.54m ± 3% -27.17% (p=0.000 n=10) │ old │ new │ │ B/op │ B/op vs base │ 16785442.50 ± 0% 32.00 ± 0% -100.00% (p=0.000 n=10) │ old │ new │ │ allocs/op │ allocs/op vs base │ 2.000 ± 0% 1.000 ± 0% -50.00% (p=0.000 n=10) ``` Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com> --------- Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com> |
||
|---|---|---|
| .. | ||
| compression.go | ||
| compression_test.go | ||
| context.go | ||
| cors.go | ||
| cors_test.go | ||