[ 
https://issues.apache.org/jira/browse/SLING-12616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-12616.
-----------------------------

> Performance improvement in Sling XSS bundle
> -------------------------------------------
>
>                 Key: SLING-12616
>                 URL: https://issues.apache.org/jira/browse/SLING-12616
>             Project: Sling
>          Issue Type: Improvement
>          Components: XSS Protection API
>    Affects Versions: XSS Protection API 2.3.2
>            Reporter: Sagar Miglani
>            Assignee: Sagar Miglani
>            Priority: Major
>             Fix For: XSS Protection API 2.4.6
>
>         Attachments: AEM_instance_2.2.16.png, AEM_instance_2.4.0_ss1.png, 
> AEM_instance_2.4.0_ss2.png
>
>
> We conducted a test which measures the performance of making 100 HTTP GET 
> requests to a specific page in AEM.
> We used 2 AEM instances for this test and the only difference between the 2 AEM 
> instances is the version of the sling.xss bundle.
> # Instance 1 is using sling.xss bundle version 2.2.16
> # Instance 2 is using sling.xss bundle version 2.4.0
> The results revealed a 15-25% performance degradation in the AEM instance which is using 
> version 2.4.0 of the sling.xss bundle.
> The degradation in performance seems to have been introduced in v2.3.x of sling.xss.
> And the root cause seems to be the changes in the {{XSSAPI.getValidHref}} API [0].
> It seems that each {{XSSAPI.getValidHref}} call invokes 
> {{Attribute.getPatternList}} down in the call stack, which calls the 
> {{Regexp::getPattern}} [1] method, and this {{getPattern}} method compiles 
> the provided pattern again and again in each isValidHref call.
> JRE used for AEM and running the tests:
> {code:xml}
> java version "17.0.6" 2023-01-17 LTS
> Java(TM) SE Runtime Environment (build 17.0.6+9-LTS-190)
> Java HotSpot(TM) 64-Bit Server VM (build 17.0.6+9-LTS-190, mixed mode, 
> sharing)
> {code}
> Following is the profiler screenshot of instance 1:
>  !AEM_instance_2.2.16.png|height=100,width=250! 
> Following are the profiler screenshots of instance 2:
>  !AEM_instance_2.4.0_ss1.png|height=100,width=250! 
>  !AEM_instance_2.4.0_ss2.png|height=100,width=250! 
> [0]: 
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L178
> [1]: 
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Attribute.java#L98
> [2]: 
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Regexp.java#L47



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
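
The root cause reported in the issue above (a regex compiled again on every href validation) can be reproduced in isolation. The following Java program is an added example, not code from the Sling XSS bundle: the class names, the two allow-list patterns and the sample hrefs are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added illustration: hypothetical classes, not the Sling XSS sources.
public class HrefPatternCache {

    // Slow shape: keeps the regex source and compiles it on every call.
    static final class RecompilingRegexp {
        private final String value;
        RecompilingRegexp(String value) { this.value = value; }
        Pattern getPattern() { return Pattern.compile(value); }
    }

    // Cached shape: compiled once; Pattern is immutable and safe to share across threads.
    static final class CachedRegexp {
        private final Pattern pattern;
        CachedRegexp(String value) { this.pattern = Pattern.compile(value); }
        Pattern getPattern() { return pattern; }
    }

    // Constructed allow-list patterns for the demo (not the bundle's policy).
    static final String ON_SITE = "^(?!//)[\\p{L}\\p{N}/._~%#?&=;-]*$";
    static final String OFF_SITE = "^https?://[\\p{L}\\p{N}.-]+(?::\\d+)?(?:/[\\p{L}\\p{N}/._~%#?&=;-]*)?$";

    interface PatternSource { Pattern get(); }

    static boolean isValidHref(String href, PatternSource... sources) {
        for (PatternSource s : sources) {
            if (s.get().matcher(href).matches()) return true;
        }
        return false;
    }

    static long time(String[] hrefs, int n, PatternSource... sources) {
        long start = System.nanoTime();
        int accepted = 0;
        for (int i = 0; i < n; i++) {
            if (isValidHref(hrefs[i % hrefs.length], sources)) accepted++;
        }
        System.out.println("accepted " + accepted + " of " + n);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        String[] hrefs = { "/content/page.html?a=1", "https://example.com/x", "javascript:void(0)" };
        RecompilingRegexp s1 = new RecompilingRegexp(ON_SITE), s2 = new RecompilingRegexp(OFF_SITE);
        CachedRegexp c1 = new CachedRegexp(ON_SITE), c2 = new CachedRegexp(OFF_SITE);
        System.out.println("recompiling: " + time(hrefs, 200_000, s1::getPattern, s2::getPattern) + " ms");
        System.out.println("cached:      " + time(hrefs, 200_000, c1::getPattern, c2::getPattern) + " ms");
    }
}
```

Both variants accept and reject the same hrefs, so caching the compiled `Pattern` changes only the cost of validation, not its verdict. The timings are a rough single-run comparison without JIT warm-up.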
