```ruby
# frozen_string_literal: true

source "https://rubygems.org"

gemspec
```
Make SecureSecurityPolicyConfig significantly faster (#506)

We have been seeing this gem a lot in profiles. Most of this slowness
seems to come from overuse of instance variables in `DynamicConfig` and
attempting to use them basically as a hash (which we can do much faster
with a hash 😅)

The first commit of these is the most important, but the other two also
significantly speed things up.

There is definitely more improvement available here, we seem to be
overly cautious in duplicating arrays, and we also seem to convert
unnecessarily between hashes and the config object, but I think this is
the best place to start.
<details>
<summary>Benchmark:</summary>
```ruby
require "secure_headers"
require "benchmark/ips"
# Copied from README
MyCSPConfig = SecureHeaders::ContentSecurityPolicyConfig.new(
preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.
disable_nonce_backwards_compatibility: true, # default: false. If false, `unsafe-inline` will be added automatically when using nonces. If true, it won't. See #403 for why you'd want this.
# directive values: these values will directly translate into source directives
default_src: %w('none'),
base_uri: %w('self'),
block_all_mixed_content: true, # see https://www.w3.org/TR/mixed-content/
child_src: %w('self'), # if child-src isn't supported, the value for frame-src will be set.
connect_src: %w(wss:),
font_src: %w('self' data:),
form_action: %w('self' github.com),
frame_ancestors: %w('none'),
img_src: %w(mycdn.com data:),
manifest_src: %w('self'),
media_src: %w(utoob.com),
object_src: %w('self'),
sandbox: true, # true and [] will set a maximally restrictive setting
plugin_types: %w(application/x-shockwave-flash),
script_src: %w('self'),
script_src_elem: %w('self'),
script_src_attr: %w('self'),
style_src: %w('unsafe-inline'),
style_src_elem: %w('unsafe-inline'),
style_src_attr: %w('unsafe-inline'),
worker_src: %w('self'),
upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
report_uri: %w(https://report-uri.io/example-csp)
)
Benchmark.ips do |x|
x.report "csp_config.to_h" do
MyCSPConfig.to_h
end
x.report "csp_config.append" do
MyCSPConfig.append({})
end
x.report "new(config).value" do
SecureHeaders::ContentSecurityPolicy.new(MyCSPConfig).value
end
end
```
</details>
**Before:**
```
$ be ruby bench.rb
Warming up --------------------------------------
csp_config.to_h 13.737k i/100ms
csp_config.append 2.105k i/100ms
new(config).value 1.429k i/100ms
Calculating -------------------------------------
csp_config.to_h 139.988k (± 0.3%) i/s - 700.587k in 5.004666s
csp_config.append 21.133k (± 2.4%) i/s - 107.355k in 5.082856s
new(config).value 14.298k (± 0.4%) i/s - 72.879k in 5.097116s
```
**After:**
```
$ be ruby bench.rb
Warming up --------------------------------------
csp_config.to_h 123.784k i/100ms
csp_config.append 4.181k i/100ms
new(config).value 1.617k i/100ms
Calculating -------------------------------------
csp_config.to_h 1.238M (± 3.1%) i/s - 6.189M in 5.003769s
csp_config.append 40.921k (± 1.0%) i/s - 204.869k in 5.006924s
new(config).value 16.095k (± 0.4%) i/s - 80.850k in 5.023259s
```
`to_h` is 10x faster, `append` is 2x faster, and `.value` (which was not
the target of these optimizations, but I didn't want to see it regress)
is slightly faster.
---------
Co-authored-by: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com>
2023-08-11 21:20:28 +03:00
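The instance-variable-versus-Hash point made in the commit message, as an added Ruby illustration that is not the secure_headers code: `IvarConfig` stores each directive in its own instance variable and rebuilds a Hash reflectively on every `to_h`, while `HashConfig` keeps one Hash and hands out a copy. The directive list, the sample values and the `csp_value` serializer are constructed for this example.

```ruby
require "benchmark"

# Directive names used by the constructed sample (a subset of a CSP config).
DIRECTIVES = %i[default_src script_src style_src img_src report_uri].freeze

# Reflective style (the pattern the commit moved away from): every directive is
# an instance variable and to_h rebuilds a Hash via instance_variable_get.
class IvarConfig
  def initialize(hash)
    DIRECTIVES.each { |d| instance_variable_set("@#{d}", hash[d]) }
  end

  def to_h
    DIRECTIVES.each_with_object({}) do |d, h|
      v = instance_variable_get("@#{d}")
      h[d] = v unless v.nil?
    end
  end
end

# Hash-backed style: the directives live in one Hash and to_h is a shallow copy,
# so callers can add or drop keys without touching the config itself.
class HashConfig
  def initialize(hash)
    @directives = hash.slice(*DIRECTIVES).compact
  end

  def to_h
    @directives.dup
  end
end

# Serialize a directive hash into a header value (constructed, not the gem's own).
def csp_value(config)
  config.to_h.map { |d, v| "#{d.to_s.tr('_', '-')} #{v.join(' ')}" }.join("; ")
end

# Constructed sample values, in the gem's %w(...) style.
SAMPLE = { default_src: %w('none'), script_src: %w('self'),
           style_src: %w('unsafe-inline'), img_src: %w(mycdn.com data:),
           report_uri: %w(https://report-uri.io/example-csp) }.freeze

# Time to_h for both styles; returns seconds per style so the ratio can be compared.
def bench(iterations = 100_000)
  ivar, hash = IvarConfig.new(SAMPLE), HashConfig.new(SAMPLE)
  { ivar: Benchmark.realtime { iterations.times { ivar.to_h } },
    hash: Benchmark.realtime { iterations.times { hash.to_h } } }
end
```

Both styles yield the same hash and the same header value; `bench` shows the reflective `to_h` paying for string interpolation and `instance_variable_get` on every call, which is the cost the commit removed.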
The rest of the Gemfile, beginning with the `gem "benchmark-ips"` line that the blame view attributes to this commit:

```ruby
gem "benchmark-ips"

group :test do
  gem "coveralls"
  gem "json"
  gem "pry-nav"
  gem "rack"
  gem "rspec"
  gem "rubocop"
  gem "rubocop-github"
  gem "rubocop-performance"
  gem "term-ansicolor"
  gem "tins"
end

group :guard do
  gem "growl"
  gem "guard-rspec", platforms: [:ruby]
  gem "rb-fsevent"
  gem "terminal-notifier-guard"
end
```