From 24388b335c533d837db45143de7b6e4b12e9f472 Mon Sep 17 00:00:00 2001
From: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Date: Thu, 25 Apr 2024 07:47:39 -0400
Subject: [PATCH] chore: Add Benchmarks for IsProxyTrusted() (#2933)

* Add benchmarks for IsTrustedProxy

* Update Benchmarks for IsTrustedProxy()

---------

Co-authored-by: Jason McNeil <sixcolors@mac.com>
---
 ctx_test.go | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)

diff --git a/ctx_test.go b/ctx_test.go
index fab8a690ec..524869bc2d 100644
--- a/ctx_test.go
+++ b/ctx_test.go
@@ -5755,3 +5755,232 @@ func Benchmark_GenericParseTypeString(b *testing.B) {
 		})
 	}
 }
+
+// go test -v -run=^$ -bench=Benchmark_Ctx_IsProxyTrusted -benchmem -count=4
+func Benchmark_Ctx_IsProxyTrusted(b *testing.B) {
+	// Scenario without trusted proxy check
+	b.Run("NoProxyCheck", func(b *testing.B) {
+		app := New()
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com:8080/test")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario without trusted proxy check in parallel
+	b.Run("NoProxyCheckParallel", func(b *testing.B) {
+		app := New()
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com:8080/test")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+
+	// Scenario with trusted proxy check simple
+	b.Run("WithProxyCheckSimple", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+		})
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com/test")
+		c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario with trusted proxy check simple in parallel
+	b.Run("WithProxyCheckSimpleParallel", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+		})
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com/")
+			c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+
+	// Scenario with trusted proxy check
+	b.Run("WithProxyCheck", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"0.0.0.0"},
+		})
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com/test")
+		c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario with trusted proxy check in parallel
+	b.Run("WithProxyCheckParallel", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"0.0.0.0"},
+		})
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com/")
+			c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+
+	// Scenario with trusted proxy check with subnet
+	b.Run("WithProxyCheckSubnet", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"0.0.0.0/8"},
+		})
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com/test")
+		c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario with trusted proxy check with subnet in parallel
+	b.Run("WithProxyCheckParallelSubnet", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"0.0.0.0/8"},
+		})
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com/")
+			c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+
+	// Scenario with trusted proxy check with multiple subnet
+	b.Run("WithProxyCheckMultipleSubnet", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"192.168.0.0/24", "10.0.0.0/16", "0.0.0.0/8"},
+		})
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com/test")
+		c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario with trusted proxy check with multiple subnet in parallel
+	b.Run("WithProxyCheckParallelMultipleSubnet", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies:          []string{"192.168.0.0/24", "10.0.0.0/16", "0.0.0.0/8"},
+		})
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com/")
+			c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+
+	// Scenario with trusted proxy check with all subnets
+	b.Run("WithProxyCheckAllSubnets", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies: []string{
+				"127.0.0.0/8",     // Loopback addresses
+				"169.254.0.0/16",  // Link-Local addresses
+				"fe80::/10",       // Link-Local addresses
+				"192.168.0.0/16",  // Private Network addresses
+				"172.16.0.0/12",   // Private Network addresses
+				"10.0.0.0/8",      // Private Network addresses
+				"fc00::/7",        // Unique Local addresses
+				"173.245.48.0/20", // My custom range
+				"0.0.0.0/8",       // All IPv4 addresses
+			},
+		})
+		c := app.AcquireCtx(&fasthttp.RequestCtx{})
+		c.Request().SetRequestURI("http://google.com/test")
+		c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+		b.ReportAllocs()
+		b.ResetTimer()
+		for n := 0; n < b.N; n++ {
+			c.IsProxyTrusted()
+		}
+		app.ReleaseCtx(c)
+	})
+
+	// Scenario with trusted proxy check with all subnets in parallel
+	b.Run("WithProxyCheckParallelAllSubnets", func(b *testing.B) {
+		app := New(Config{
+			EnableTrustedProxyCheck: true,
+			TrustedProxies: []string{
+				"127.0.0.0/8",     // Loopback addresses
+				"169.254.0.0/16",  // Link-Local addresses
+				"fe80::/10",       // Link-Local addresses
+				"192.168.0.0/16",  // Private Network addresses
+				"172.16.0.0/12",   // Private Network addresses
+				"10.0.0.0/8",      // Private Network addresses
+				"fc00::/7",        // Unique Local addresses
+				"173.245.48.0/20", // My custom range
+				"0.0.0.0/8",       // All IPv4 addresses
+			},
+		})
+		b.ReportAllocs()
+		b.ResetTimer()
+		b.RunParallel(func(pb *testing.PB) {
+			c := app.AcquireCtx(&fasthttp.RequestCtx{})
+			c.Request().SetRequestURI("http://google.com/")
+			c.Request().Header.Set(HeaderXForwardedHost, "google1.com")
+			for pb.Next() {
+				c.IsProxyTrusted()
+			}
+			app.ReleaseCtx(c)
+		})
+	})
+}