Sagar Miglani created SLING-12616:
-------------------------------------

             Summary: Performance improvement in Sling XSS bundle
                 Key: SLING-12616
                 URL: https://issues.apache.org/jira/browse/SLING-12616
             Project: Sling
          Issue Type: Improvement
          Components: XSS Protection API
    Affects Versions: XSS Protection API 2.3.2
            Reporter: Sagar Miglani
         Attachments: AEM_instance_2.2.16.png

We conducted a test which measures the performance of making 100 HTTP GET 
requests to a specific page in AEM.

We used 2 AEM instances for this test and the only difference in the 2 AEM 
instances is the version of the sling.xss bundle.
Instance 1 is using sling.xss bundle version 2.2.16
Instance 2 is using sling.xss bundle version 2.4.0

The results revealed a 15-25% performance degradation in the AEM instance 
which is using version 2.4.0 of the sling.xss bundle.

The degradation in performance seems to have been introduced in v2.3.x of sling.xss.
And the root cause seems to be the changes in the {{XSSAPI.getValidHref}} API [0]

It seems that each {{XSSAPI.getValidHref}} call invokes 
{{Attribute.getPatternList}} down in the call stack, which calls the 
{{Regexp::getPattern}} [1] method, and this {{getPattern}} method compiles 
the provided pattern again and again in each isValidHref call.

JRE used for AEM and running the tests:
{code:xml}
java version "17.0.6" 2023-01-17 LTS
Java(TM) SE Runtime Environment (build 17.0.6+9-LTS-190)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.6+9-LTS-190, mixed mode, sharing)
{code}

[0]: https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L178
[1]: https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Attribute.java#L98
[2]: https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Regexp.java#L47



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
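
The per-call regex compilation described in the report, shown as an added Java example that is not part of the original message or the sling.xss code base. The class names, the simplified href regex and the sample values are constructed assumptions; the check at the start confirms that caching the compiled pattern leaves the accept/reject decision of the filter unchanged.

```java
import java.util.function.Supplier;
import java.util.regex.Pattern;

// Added illustration. RecompilingRule and CachedRule are hypothetical names,
// not classes from the sling.xss bundle.
public class PatternCacheDemo {

    /** Compiles the regex on every lookup: the cost the report attributes to getPattern. */
    static final class RecompilingRule implements Supplier<Pattern> {
        private final String value;
        RecompilingRule(String value) { this.value = value; }
        @Override public Pattern get() { return Pattern.compile(value); }
    }

    /** Compiles once; java.util.regex.Pattern is immutable and safe to share across threads. */
    static final class CachedRule implements Supplier<Pattern> {
        private final Pattern pattern;
        CachedRule(String value) { this.pattern = Pattern.compile(value); }
        @Override public Pattern get() { return pattern; }
    }

    /** Runs the validation 'calls' times and returns the elapsed nanoseconds. */
    static long timeNanos(Supplier<Pattern> rule, String input, int calls) {
        long start = System.nanoTime();
        int matched = 0;
        for (int i = 0; i < calls; i++) {
            if (rule.get().matcher(input).matches()) matched++;
        }
        if (matched != calls) throw new IllegalStateException("unexpected mismatch");
        return System.nanoTime() - start;
    }

    public static void main(String[] args) {
        // Constructed sample data: a simplified href allow-list regex and two inputs.
        String regex = "^(?:https?|mailto):[\\w./?=&%#~+-]+$";
        String good = "https://example.com/content/page.html?a=1&b=2";
        String bad = "javascript:void(0)";
        Supplier<Pattern> slow = new RecompilingRule(regex);
        Supplier<Pattern> fast = new CachedRule(regex);

        // Caching must not change the security decision for any input.
        for (String s : new String[] {good, bad}) {
            if (slow.get().matcher(s).matches() != fast.get().matcher(s).matches())
                throw new IllegalStateException("validation result changed for " + s);
        }
        timeNanos(slow, good, 20_000);  // JIT warm-up
        timeNanos(fast, good, 20_000);
        System.out.printf("recompile per call: %d ms%n", timeNanos(slow, good, 200_000) / 1_000_000);
        System.out.printf("compile once:       %d ms%n", timeNanos(fast, good, 200_000) / 1_000_000);
    }
}
```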