|
| 1 | +// Copyright (c) F5, Inc. |
| 2 | +// |
| 3 | +// This source code is licensed under the Apache License, Version 2.0 license found in the |
| 4 | +// LICENSE file in the root directory of this source tree. |
| 5 | + |
| 6 | +package securityviolationsprocessor |
| 7 | + |
| 8 | +import ( |
| 9 | + "context" |
| 10 | + "testing" |
| 11 | + |
| 12 | + "go.opentelemetry.io/collector/consumer/consumertest" |
| 13 | + "go.opentelemetry.io/collector/pdata/plog" |
| 14 | + "go.opentelemetry.io/collector/processor/processortest" |
| 15 | +) |
| 16 | + |
| 17 | +//nolint:lll // long test string kept for readability |
| 18 | +const ( |
| 19 | + sampleAppProtectSyslog = `<130>Aug 22 03:28:35 ip-172-16-0-213 ASM:N/A,80,127.0.0.1,false,GET,nms_app_protect_default_policy,HTTP,blocked,0,N/A,N/A::N/A,{High Accuracy Signatures;Cross Site Scripting Signatures}::{High Accuracy Signatures; Cross Site Scripting Signatures},56064,N/A,5377540117854870581,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,Illegal meta character in URL::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>414000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>475f0ffcbbd0fea-befbf35cb000007e-f400000000000000-0</alarm><learn>0-0-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>url</context><sig_data><sig_id>200000099</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>Lzw+PHNjcmlwdD4=</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000093</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>Lzw+PHNjcmlwdD4=</buffer><offset>4</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>26</viol_index><viol_name>VIOL_URL_METACHAR</viol_name><uri>Lzw+PHNjcmlwdD4=</uri><metachar_index>60</metachar_index><wildcard_entity>*</wildcard_entity><staging>0</staging></violation><violation><viol_index>26</viol_index><viol_name>VIOL_URL_METACHAR</viol_name><uri>Lzw+PHNjcmlwdD4=</uri><metachar_index>62</metachar_index><wildcard_entity>*</wildcard_entity><staging>0</staging></violation><violation><viol_index>122</viol_index><viol_name>VIOL_BOT_CLIENT</viol_name></violation><violation><viol_index>93</viol_index><viol_name>VIOL_RATING_THREAT</viol_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/<><script>,GET /<><script> HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: curl/7.81.0\\r\\nAccept: 
*/*\\r\\n\\r\\n` |
| 20 | +) |
| 21 | + |
| 22 | +//nolint:lll,revive // long test string kept for readability |
| 23 | +func generateSecurityViolationLogs(numRecords int, message string) plog.Logs { |
| 24 | + logs := plog.NewLogs() |
| 25 | + rl := logs.ResourceLogs().AppendEmpty() |
| 26 | + sl := rl.ScopeLogs().AppendEmpty() |
| 27 | + |
| 28 | + for range numRecords { |
| 29 | + lr := sl.LogRecords().AppendEmpty() |
| 30 | + lr.Body().SetStr(message) |
| 31 | + } |
| 32 | + |
| 33 | + return logs |
| 34 | +} |
| 35 | + |
| 36 | +func newBenchmarkProcessor() *securityViolationsProcessor { |
| 37 | + settings := processortest.NewNopSettings(processortest.NopType) |
| 38 | + return newSecurityViolationsProcessor(consumertest.NewNop(), settings) |
| 39 | +} |
| 40 | + |
| 41 | +func BenchmarkSecurityViolationsProcessor(b *testing.B) { |
| 42 | + benchmarks := []struct { |
| 43 | + name string |
| 44 | + message string |
| 45 | + numRecords int |
| 46 | + }{ |
| 47 | + {name: "AppProtect_100", message: sampleAppProtectSyslog, numRecords: 100}, |
| 48 | + {name: "AppProtect_1000", message: sampleAppProtectSyslog, numRecords: 1000}, |
| 49 | + } |
| 50 | + |
| 51 | + for _, bm := range benchmarks { |
| 52 | + b.Run(bm.name, func(b *testing.B) { |
| 53 | + p := newBenchmarkProcessor() |
| 54 | + logs := generateSecurityViolationLogs(bm.numRecords, bm.message) |
| 55 | + |
| 56 | + b.ReportAllocs() |
| 57 | + b.ResetTimer() |
| 58 | + for range b.N { |
| 59 | + _ = p.ConsumeLogs(context.Background(), logs) |
| 60 | + } |
| 61 | + }) |
| 62 | + } |
| 63 | +} |
| 64 | + |
| 65 | +func BenchmarkSecurityViolationsProcessor_Concurrent(b *testing.B) { |
| 66 | + p := newBenchmarkProcessor() |
| 67 | + logs := generateSecurityViolationLogs(200, sampleAppProtectSyslog) |
| 68 | + |
| 69 | + b.ReportAllocs() |
| 70 | + b.ResetTimer() |
| 71 | + b.RunParallel(func(pb *testing.PB) { |
| 72 | + for pb.Next() { |
| 73 | + logsCopy := plog.NewLogs() |
| 74 | + logs.CopyTo(logsCopy) |
| 75 | + _ = p.ConsumeLogs(context.Background(), logsCopy) |
| 76 | + } |
| 77 | + }) |
| 78 | +} |
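Review bot: In BenchmarkSecurityViolationsProcessor the same `logs` value is passed to `p.ConsumeLogs` on every iteration and the returned error is discarded. If the processor rewrites records in place (not visible here, though the `CopyTo` in the concurrent benchmark suggests it does), only the first iteration parses the raw App Protect syslog line and the rest time whatever path handles already-processed bodies. Because the error is dropped, a run in which every record fails to parse would still report timings; this parser handles request data that a remote client controls, so the benchmark should fail loudly when the sample stops parsing. I would give each iteration a fresh copy with the timer stopped and check the error, as below. BenchmarkSecurityViolationsProcessor_Concurrent drops the error too and times `CopyTo` inside the loop; there the check should use `b.Error` rather than `b.Fatal`, because the body runs on worker goroutines.

```go
		b.Run(bm.name, func(b *testing.B) {
			// … unchanged: processor and logs setup, ReportAllocs, ResetTimer …
			for range b.N {
				// Fresh input per iteration, built outside the timed region.
				b.StopTimer()
				in := plog.NewLogs()
				logs.CopyTo(in)
				b.StartTimer()

				if err := p.ConsumeLogs(context.Background(), in); err != nil {
					b.Fatalf("ConsumeLogs: %v", err)
				}
			}
```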