Initial Commit

2017-02-25 23:55:24 +01:00
commit 1fe2e8ab62
4868 changed files with 1487355 additions and 0 deletions
--- a/naxsi-0.55.3/naxsi_src/ext/libinjection/test_speed_xss.c
+++ b/naxsi-0.55.3/naxsi_src/ext/libinjection/test_speed_xss.c
@@ -0,0 +1,84 @@
+/*
+ * A not very good test for performance.  This is mostly useful in
+ * testing performance -regressions-
+ *
+ */
+#include <time.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "libinjection.h"
+int testIsSQL(void);
+
+int testIsSQL(void)
+{
+    const char* const s[] = {
+      "<script>alert(1);</script>",
+      "><script>alert(1);</script>"
+      "x ><script>alert(1);</script>",
+      "' ><script>alert(1);</script>",
+      "\"><script>alert(1);</script>",
+      "red;</style><script>alert(1);</script>",
+      "red;}</style><script>alert(1);</script>",
+      "red;\"/><script>alert(1);</script>",
+      "');}</style><script>alert(1);</script>",
+      "onerror=alert(1)>",
+      "x onerror=alert(1);>",
+      "x' onerror=alert(1);>",
+      "x\" onerror=alert(1);>",
+      "<a href=\"javascript:alert(1)\">",
+      "<a href='javascript:alert(1)'>",
+      "<a href=javascript:alert(1)>",
+      "<a href  =   javascript:alert(1); >",
+      "<a href=\"  javascript:alert(1);\" >",
+      "<a href=\"JAVASCRIPT:alert(1);\" >",
+      "123 LIKE -1234.5678E+2;",
+        "APPLE 19.123 'FOO' \"BAR\"",
+        "/* BAR */ UNION ALL SELECT (2,3,4)",
+        "1 || COS(+0X04) --FOOBAR",
+        "dog apple @cat banana bar",
+        "dog apple cat \"banana \'bar",
+        "102 TABLE CLOTH",
+        "(1001-'1') union select 1,2,3,4 from credit_cards",
+        NULL
+    };
+    const int imax = 1000000;
+    int i, j;
+    size_t slen;
+    clock_t t0,t1;
+    double total;
+    int tps;
+
+    t0 = clock();
+    for (i = imax, j=0; i != 0; --i, ++j) {
+        if (s[j] == NULL) {
+            j = 0;
+        }
+
+        slen = strlen(s[j]);
+        libinjection_xss(s[j], slen);
+    }
+
+    t1 = clock();
+    total = (double) (t1 - t0) / (double) CLOCKS_PER_SEC;
+    tps = (int)((double) imax / total);
+    return tps;
+}
+
+int main()
+{
+    const int mintps = 500000;
+    int tps = testIsSQL();
+
+    printf("\nTPS : %d\n\n", tps);
+
+    if (tps < 500000) {
+        printf("FAIL: %d < %d\n", tps, mintps);
+        /* FAIL */
+        return 1;
+    } else {
+        printf("OK: %d > %d\n", tps, mintps);
+        /* OK */
+        return 0;
+    }
+}