Example #1
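 /// <summary>
 /// Runs the generated CSS encoder on <paramref name="input"/> and reports the two
 /// recognised encoding failures as status codes instead of exceptions.
 /// </summary>
 /// <param name="input">The string to encode.</param>
 /// <param name="output">
 /// The encoded string when 0 is returned; null when 1 or 2 is returned.
 /// A null output means encoding was refused, so callers must not fall back to the raw input.
 /// </param>
 /// <returns>
 /// 0 on success, 1 when the exception message is "InvalidSurrogatePairException",
 /// 2 when it is "InvalidUnicodeValueException".
 /// </returns>
 /// <remarks>Any other exception propagates to the caller unchanged.</remarks>
 int TryGeneratedCssEncode(string input, out string output)
 {
     try
     {
         output = CssEncode.Apply(input);
         return 0;
     }
     catch (Exception e)
     {
         // NOTE(review): failures are recognised by comparing Message with a type-like name.
         // Presumably the generated encoder throws a plain Exception carrying that text; confirm.
         // If dedicated exception types exist, catching them by type would be less brittle.
         if (e.Message == "InvalidSurrogatePairException")
         {
             output = null;
             return 1;
         }

         if (e.Message == "InvalidUnicodeValueException")
         {
             output = null;
             return 2;
         }

         // Rethrow with "throw;" so the original stack trace is kept ("throw e;" would reset it).
         throw;
     }
 }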
Example #2
        /// <summary>
        /// Times AntiXssEncoder.CssEncode against the three generated encoders
        /// (CssEncode, CssEncode_B, CssEncode_F) on the same generated sample set and
        /// prints the average time and standard deviation for each.
        /// </summary>
        /// <remarks>
        /// This is a timing run only. The encoded results are discarded and nothing is asserted,
        /// so it does not show that the four encoders produce the same output.
        /// Every sample is constrained to well-formed UTF-16, so the rejection paths for
        /// invalid surrogates or invalid code units are never exercised or timed here.
        /// </remarks>
        public void TestGeneratedCssEncodePerformance()
        {
            CharSetSolver css = new CharSetSolver(BitWidth.BV16);
            var A = css.Convert("^.{100,}$"); //at least 100 chars (the quantifier is {100,})
            // Well-formed UTF-16 only: BMP code units up to \uFFFD outside the surrogate range,
            // or a high surrogate immediately followed by a low surrogate.
            var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
            A = A.Intersect(utf16, css);
            // The seed is left unset; presumably the samples then differ from run to run — confirm.
            //css.Chooser.RandomSeed = 123;
            List<string> samples = new List<string>();
            //construct a sample set of 100 strings of length >= 100 that are valid inputs
            while (samples.Count < 100)
            {
                string input = css.GenerateMember(A);//margus
                samples.Add(input);
                // Disabled filter: would have kept only the inputs that TryActualCssEncode accepts.
               // if (TryActualCssEncode(input, out tmp) == 0)
               //     samples.Add(input);
            }
            //now use the sample set for performance comparison

            // One elapsed-time entry per repetition for each encoder.
            var antiXssTimes = new List<int>();
            var CssEncodeTimes = new List<int>();
            var CssEncodeTimes_B = new List<int>();
            var CssEncodeTimes_F = new List<int>();

            int NrOfReps = 100;

            // NOTE(review): Environment.TickCount counts milliseconds and its resolution is
            // typically coarser than 1 ms, so one pass over 100 samples may measure as 0 or as a
            // single timer tick. There is also no warm-up pass, so the first repetition may
            // include one-time start-up cost. Treat the printed numbers as rough.
            for (int j = 0; j < NrOfReps; j++)
            {
                //the AntiXss encoder
                int t_AntiXss = System.Environment.TickCount;
                for (int i = 0; i < samples.Count; i++)
                {
                    string tmp = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(samples[i]);
                }
                t_AntiXss = System.Environment.TickCount - t_AntiXss;
                antiXssTimes.Add(t_AntiXss);
                //generated encoder without exploration
                int t_CssEncode = System.Environment.TickCount;
                for (int i = 0; i < samples.Count; i++)
                {
                    string tmp = CssEncode.Apply(samples[i]);
                }
                t_CssEncode = System.Environment.TickCount - t_CssEncode;
                CssEncodeTimes.Add(t_CssEncode);
                //generated encoder with Boolean exploration
                int t_CssEncode_B = System.Environment.TickCount;
                for (int i = 0; i < samples.Count; i++)
                {
                    string tmp = CssEncode_B.Apply(samples[i]);
                }
                t_CssEncode_B = System.Environment.TickCount - t_CssEncode_B;
                CssEncodeTimes_B.Add(t_CssEncode_B);
                //generated encoder with Full exploration
                int t_CssEncode_F = System.Environment.TickCount;
                for (int i = 0; i < samples.Count; i++)
                {
                    string tmp = CssEncode_F.Apply(samples[i]);
                }
                t_CssEncode_F = System.Environment.TickCount - t_CssEncode_F;
                CssEncodeTimes_F.Add(t_CssEncode_F);
            }
            //compute the average times (stored as int)
            int antiXssTime = ComputeAverage(antiXssTimes);
            int CssEncodeTime = ComputeAverage(CssEncodeTimes);
            int CssEncodeTime_B = ComputeAverage(CssEncodeTimes_B);
            int CssEncodeTime_F = ComputeAverage(CssEncodeTimes_F);

            // The print below reads stdevs[0..3] as AntiXss, CssEncode, CssEncode_B, CssEncode_F,
            // i.e. it assumes the helper returns them in argument order — confirm.
            double[] stdevs = CombinedStandardDeviation(antiXssTimes, CssEncodeTimes, CssEncodeTimes_B, CssEncodeTimes_F);
            Console.WriteLine("antiXssTime={0}, CssEncodeTime={1}, CssEncodeTime_B={2}, CssEncodeTime_F={3}, stddvAntiXSS={4}, stddvCssEncode={5}, stddvCssEncodeB={6}, stddvCssEncodeF={7}",
                               antiXssTime, CssEncodeTime, CssEncodeTime_B, CssEncodeTime_F, stdevs[0], stdevs[1], stdevs[2], stdevs[3]);
        }