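Checking the effect of the ReDoS countermeasures on Ruby 3.3.x
I re-ran on Ruby 3.3.x the checks I previously did on Ruby 3.2.0.
- ReDoS occurs in the combinations marked with ⌛
- On Ruby 3.2.0 and later, it can be mitigated by setting Regexp.timeout=
- To confirm that the fix for CVE-2024-27282 does not affect the results, measurements were taken on 3.1.4, 3.1.5 and on 3.2.3, 3.2.4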
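The Regexp.timeout= mitigation from the list above, as an added example that is not part of the original post or of the benchmark scripts it runs. The pattern is the one used in the Ruby 3.2.0 release notes (its backreference keeps the 3.2 matcher optimization from applying); the helper names, input sizes and the 0.2-second budget are assumptions chosen for illustration.

```ruby
require "benchmark"

# Constructed pattern, taken from the Ruby 3.2.0 release notes rather than from
# any of the gems measured in this post. The backreference (\1) keeps the
# matcher's memoization from applying, so the match stays quadratic.
SLOW_PATTERN = /^a*b?a*()\1$/

# Regexp.timeout= exists from Ruby 3.2.0 onward.
TIMEOUT_SUPPORTED = Regexp.respond_to?(:timeout=)

# Apply a process-wide match budget for the duration of the block. The global
# setting also covers regexps compiled inside gems, which callers cannot edit.
def with_regexp_timeout(seconds)
  previous = Regexp.timeout
  Regexp.timeout = seconds
  yield
ensure
  Regexp.timeout = previous
end

# Match one input under the budget. Returns [status, seconds] where status is
# :matched, :no_match, :timed_out, or :unsupported (Ruby < 3.2, match skipped).
def bounded_match(regexp, input, budget)
  return [:unsupported, 0.0] unless TIMEOUT_SUPPORTED

  status = nil
  seconds = Benchmark.realtime do
    status = with_regexp_timeout(budget) do
      regexp.match?(input) ? :matched : :no_match
    end
  rescue Regexp::TimeoutError
    status = :timed_out
  end
  [status, seconds]
end

# Inputs grow 10x per row, as in the benchmark tables in this post; stop at the
# first row that exhausts the budget instead of waiting tens of seconds.
def scaling_profile(regexp, sizes, budget)
  rows = []
  sizes.each do |n|
    status, seconds = bounded_match(regexp, ("a" * n) + "x", budget)
    rows << { size: n, status: status, seconds: seconds }
    break unless status == :no_match
  end
  rows
end

if __FILE__ == $PROGRAM_NAME
  sizes = [10, 100, 1_000, 10_000, 100_000]
  scaling_profile(SLOW_PATTERN, sizes, 0.2).each do |row|
    puts format("%8d  %-12s %.6fs", row[:size], row[:status], row[:seconds])
  end
end
```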
Results
| | 3.1.4, 3.1.5 | 3.2.3, 3.2.4 | 3.3.0 | 3.3.1 |
|---|---|---|---|---|
| Faraday Net::HTTP adapter | ⌛ | | | |
| Rack::Protection::IPSpoofing | ⌛ | | ⌛ | |
| Nokogiri (CVE-2022-24836) | ⌛ | | ⌛ | |
| Rack (CVE-2022-30122) | ⌛ | | | |
| Rack (CVE-2022-44570) | ⌛ | | ⌛ | |
| Rack (CVE-2022-44571) | ⌛ | | | |
| Rack (CVE-2022-44572) | ⌛ | ⌛ | ⌛ | ⌛ |
| Rack (CVE-2023-27539) | ⌛ | | ⌛ | |
| Rails Html Sanitizers (CVE-2022-23517) | ⌛ | | | |
| Action Pack (CVE-2023-22792) | ⌛ | | ⌛ | |
| Active Support (CVE-2023-22796) | ⌛ | ⌛ | | |
| Action Text (CVE-2024-47888) [1] | ⌛ | | | |
| GlobalID (CVE-2023-22799) | ⌛ | | | |
| Ruby Time (CVE-2023-28756) | ⌛ | ⌛ | ⌛ | ⌛ |
| Ruby URI (CVE-2023-36617) | ⌛ | ⌛ | ⌛ | ⌛ |
| WEBrick | ⌛ | | | |
Individual measurement results
Faraday Net::HTTP adapter
Ruby 3.1.4
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000005)
0.000062 0.000000 0.000062 ( 0.000062)
0.005135 0.000003 0.005138 ( 0.005154)
0.509705 0.001751 0.511456 ( 0.511965)
52.214287 0.157696 52.371983 ( 52.499243)
Ruby 3.1.5
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000010 0.000001 0.000011 ( 0.000005)
0.000060 0.000001 0.000061 ( 0.000060)
0.004974 0.000014 0.004988 ( 0.005016)
0.495638 0.001028 0.496666 ( 0.498319)
50.886977 0.142580 51.029557 ( 51.207636)
Ruby 3.2.3
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000009 0.000005 0.000014 ( 0.000008)
0.000010 0.000003 0.000013 ( 0.000012)
0.000073 0.000004 0.000077 ( 0.000077)
0.000652 0.000068 0.000720 ( 0.000720)
0.006665 0.001599 0.008264 ( 0.008454)
Ruby 3.2.4
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000009 0.000001 0.000010 ( 0.000007)
0.000010 0.000000 0.000010 ( 0.000010)
0.000072 0.000007 0.000079 ( 0.000079)
0.000667 0.000126 0.000793 ( 0.000792)
0.006387 0.001212 0.007599 ( 0.007603)
Ruby 3.3.0
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000007)
0.000014 0.000000 0.000014 ( 0.000014)
0.000121 0.000017 0.000138 ( 0.000139)
0.001081 0.000094 0.001175 ( 0.001177)
0.010901 0.001735 0.012636 ( 0.012697)
Ruby 3.3.1
❯ bundle exec ruby encoded_body_benchmark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000007)
0.000016 0.000001 0.000017 ( 0.000015)
0.000131 0.000009 0.000140 ( 0.000140)
0.001202 0.000123 0.001325 ( 0.001325)
0.012052 0.002056 0.014108 ( 0.014183)
Rack::Protection::IPSpoofing
Ruby 3.1.4
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000005 0.000001 0.000006 ( 0.000004)
0.000028 0.000001 0.000029 ( 0.000028)
0.002223 0.000009 0.002232 ( 0.002232)
0.219848 0.000567 0.220415 ( 0.220745)
22.034003 0.072656 22.106659 ( 22.185017)
Ruby 3.1.5
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000006 0.000000 0.000006 ( 0.000005)
0.000029 0.000000 0.000029 ( 0.000029)
0.002265 0.000011 0.002276 ( 0.002275)
0.220447 0.000220 0.220667 ( 0.220683)
22.026451 0.066618 22.093069 ( 22.134464)
Ruby 3.2.3
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000006 0.000002 0.000008 ( 0.000007)
0.000006 0.000001 0.000007 ( 0.000006)
0.000035 0.000000 0.000035 ( 0.000035)
0.000328 0.000001 0.000329 ( 0.000328)
0.003097 0.000022 0.003119 ( 0.003138)
Ruby 3.2.4
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000006 0.000001 0.000007 ( 0.000005)
0.000006 0.000000 0.000006 ( 0.000006)
0.000035 0.000000 0.000035 ( 0.000035)
0.000327 0.000000 0.000327 ( 0.000328)
0.003105 0.000027 0.003132 ( 0.003142)
Ruby 3.3.0
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000006 0.000000 0.000006 ( 0.000006)
0.000021 0.000000 0.000021 ( 0.000021)
0.001623 0.000000 0.001623 ( 0.001626)
0.158836 0.000330 0.159166 ( 0.159317)
15.894291 0.051754 15.946045 ( 16.000318)
Ruby 3.3.1
❯ bundle exec ruby ip_spoofing_benchmark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000006)
0.000007 0.000000 0.000007 ( 0.000006)
0.000048 0.000002 0.000050 ( 0.000050)
0.000435 0.000027 0.000462 ( 0.000461)
0.004131 0.000467 0.004598 ( 0.004609)
Nokogiri (CVE-2022-24836)
Ruby 3.1.4
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000111 0.000215 0.000326 ( 0.000322)
0.000110 0.000068 0.000178 ( 0.000201)
0.004128 0.000021 0.004149 ( 0.004149)
0.250402 0.000451 0.250853 ( 0.250880)
22.062395 0.057765 22.120160 ( 22.164462)
Ruby 3.1.5
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000128 0.000259 0.000387 ( 0.000382)
0.000086 0.000005 0.000091 ( 0.000090)
0.004137 0.000012 0.004149 ( 0.004166)
0.249544 0.000353 0.249897 ( 0.250204)
22.313081 0.069463 22.382544 ( 22.452987)
Ruby 3.2.3
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000143 0.000258 0.000401 ( 0.000395)
0.000054 0.000002 0.000056 ( 0.000055)
0.000113 0.000000 0.000113 ( 0.000114)
0.000736 0.000087 0.000823 ( 0.000860)
0.006279 0.000731 0.007010 ( 0.007011)
Ruby 3.2.4
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000176 0.000277 0.000453 ( 0.000463)
0.000055 0.000001 0.000056 ( 0.000057)
0.000165 0.000030 0.000195 ( 0.000268)
0.000859 0.000168 0.001027 ( 0.001040)
0.007285 0.000865 0.008150 ( 0.008186)
Ruby 3.3.0
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000083 0.000113 0.000196 ( 0.000191)
0.000037 0.000001 0.000038 ( 0.000037)
0.001681 0.000025 0.001706 ( 0.001712)
0.163557 0.000162 0.163719 ( 0.164104)
15.918295 0.039234 15.957529 ( 15.983929)
Ruby 3.3.1
❯ bundle exec ruby nokogiri_benchmark.rb
user system total real
0.000153 0.000254 0.000407 ( 0.000402)
0.000060 0.000001 0.000061 ( 0.000060)
0.000185 0.000002 0.000187 ( 0.000184)
0.001090 0.000056 0.001146 ( 0.001146)
0.010060 0.002221 0.012281 ( 0.012300)
Rack (CVE-2022-30122)
Ruby 3.1.4
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000006 0.000002 0.000008 ( 0.000007)
0.000036 0.000001 0.000037 ( 0.000036)
0.002557 0.000000 0.002557 ( 0.002558)
0.247804 0.000392 0.248196 ( 0.248606)
24.689007 0.061172 24.750179 ( 24.803049)
Ruby 3.1.5
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000008 0.000002 0.000010 ( 0.000006)
0.000043 0.000001 0.000044 ( 0.000044)
0.003037 0.000008 0.003045 ( 0.003049)
0.294446 0.000599 0.295045 ( 0.295066)
29.398557 0.072174 29.470731 ( 29.507184)
Ruby 3.2.3
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000006 0.000001 0.000007 ( 0.000006)
0.000007 0.000000 0.000007 ( 0.000007)
0.000046 0.000002 0.000048 ( 0.000049)
0.000418 0.000044 0.000462 ( 0.000462)
0.003814 0.000440 0.004254 ( 0.004254)
Ruby 3.2.4
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000006)
0.000007 0.000000 0.000007 ( 0.000006)
0.000046 0.000001 0.000047 ( 0.000048)
0.000394 0.000034 0.000428 ( 0.000428)
0.003801 0.000311 0.004112 ( 0.004113)
Ruby 3.3.0
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000012 0.000000 0.000012 ( 0.000007)
0.000014 0.000000 0.000014 ( 0.000014)
0.000094 0.000045 0.000139 ( 0.000140)
0.000822 0.000020 0.000842 ( 0.000842)
0.008118 0.000401 0.008519 ( 0.008531)
Ruby 3.3.1
❯ bundle exec ruby broken_unquoted_benchmark.rb
user system total real
0.000007 0.000000 0.000007 ( 0.000007)
0.000014 0.000000 0.000014 ( 0.000014)
0.000092 0.000002 0.000094 ( 0.000094)
0.000816 0.000018 0.000834 ( 0.000834)
0.007918 0.000520 0.008438 ( 0.008440)
Rack (CVE-2022-44570)
Ruby 3.1.4
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000008 0.000000 0.000008 ( 0.000007)
0.000029 0.000000 0.000029 ( 0.000029)
0.002252 0.000000 0.002252 ( 0.002254)
0.219787 0.000367 0.220154 ( 0.220532)
22.018518 0.061243 22.079761 ( 22.118591)
Ruby 3.1.5
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000007)
0.000029 0.000001 0.000030 ( 0.000029)
0.002254 0.000001 0.002255 ( 0.002257)
0.219390 0.000334 0.219724 ( 0.219730)
22.039948 0.042871 22.082819 ( 22.084840)
Ruby 3.2.3
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000010 0.000000 0.000010 ( 0.000007)
0.000007 0.000002 0.000009 ( 0.000009)
0.000044 0.000000 0.000044 ( 0.000044)
0.000395 0.000020 0.000415 ( 0.000415)
0.003658 0.000316 0.003974 ( 0.003974)
Ruby 3.2.4
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000006)
0.000007 0.000000 0.000007 ( 0.000007)
0.000044 0.000001 0.000045 ( 0.000044)
0.000408 0.000037 0.000445 ( 0.000446)
0.003729 0.000375 0.004104 ( 0.004107)
Ruby 3.3.0
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000008 0.000000 0.000008 ( 0.000007)
0.000024 0.000000 0.000024 ( 0.000024)
0.001660 0.000007 0.001667 ( 0.001667)
0.159431 0.000524 0.159955 ( 0.160299)
15.920878 0.040356 15.961234 ( 15.988706)
Ruby 3.3.1
❯ bundle exec ruby byte_range_benchnark.rb
user system total real
0.000008 0.000000 0.000008 ( 0.000008)
0.000009 0.000000 0.000009 ( 0.000008)
0.000057 0.000003 0.000060 ( 0.000061)
0.000507 0.000047 0.000554 ( 0.000553)
0.004809 0.000670 0.005479 ( 0.005480)
Rack (CVE-2022-44571)
Ruby 3.1.4
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000011 0.000001 0.000012 ( 0.000010)
0.000530 0.000000 0.000530 ( 0.000533)
0.049472 0.000157 0.049629 ( 0.049703)
4.921897 0.014891 4.936788 ( 4.945919)
Ruby 3.1.5
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000012 0.000001 0.000013 ( 0.000011)
0.000622 0.000001 0.000623 ( 0.000626)
0.059279 0.000208 0.059487 ( 0.059490)
5.862939 0.016676 5.879615 ( 5.884220)
Ruby 3.2.3
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000012 0.000001 0.000013 ( 0.000011)
0.000079 0.000001 0.000080 ( 0.000080)
0.000744 0.000067 0.000811 ( 0.000811)
0.007310 0.001989 0.009299 ( 0.009306)
Ruby 3.2.4
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000012 0.000001 0.000013 ( 0.000011)
0.000079 0.000005 0.000084 ( 0.000085)
0.000725 0.000059 0.000784 ( 0.000788)
0.007294 0.001961 0.009255 ( 0.009258)
Ruby 3.3.0
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000019 0.000001 0.000020 ( 0.000015)
0.000161 0.000005 0.000166 ( 0.000166)
0.001597 0.000108 0.001705 ( 0.001705)
0.015897 0.003692 0.019589 ( 0.019908)
Ruby 3.3.1
❯ bundle exec ruby multipart_content_disposition_benchmark.rb
user system total real
0.000014 0.000000 0.000014 ( 0.000013)
0.000169 0.000007 0.000176 ( 0.000175)
0.001686 0.000103 0.001789 ( 0.001788)
0.016578 0.003164 0.019742 ( 0.019745)
Rack (CVE-2022-44572)
Ruby 3.1.4
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000016 0.000000 0.000016 ( 0.000015)
0.000347 0.000000 0.000347 ( 0.000347)
0.010423 0.000016 0.010439 ( 0.010452)
0.334242 0.000829 0.335071 ( 0.335645)
10.685516 0.025082 10.710598 ( 10.746312)
Ruby 3.1.5
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000019 0.000001 0.000020 ( 0.000015)
0.000324 0.000000 0.000324 ( 0.000327)
0.010055 0.000001 0.010056 ( 0.010057)
0.322017 0.000804 0.322821 ( 0.322890)
10.297811 0.024734 10.322545 ( 10.324531)
Ruby 3.2.3
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000019 0.000001 0.000020 ( 0.000018)
0.000396 0.000000 0.000396 ( 0.000396)
0.011760 0.000014 0.011774 ( 0.011776)
0.375355 0.000415 0.375770 ( 0.375863)
12.181472 0.021516 12.202988 ( 12.205087)
Ruby 3.2.4
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000019 0.000001 0.000020 ( 0.000019)
0.000397 0.000001 0.000398 ( 0.000397)
0.011824 0.000004 0.011828 ( 0.011830)
0.376504 0.000549 0.377053 ( 0.377194)
12.045777 0.025914 12.071691 ( 12.073300)
Ruby 3.3.0
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000018 0.000000 0.000018 ( 0.000018)
0.000361 0.000000 0.000361 ( 0.000361)
0.010748 0.000018 0.010766 ( 0.010788)
0.340992 0.000242 0.341234 ( 0.342520)
10.943651 0.027396 10.971047 ( 11.013350)
Ruby 3.3.1
❯ bundle exec ruby rfc2183_benchmark.rb
user system total real
0.000017 0.000000 0.000017 ( 0.000017)
0.000361 0.000000 0.000361 ( 0.000360)
0.010672 0.000015 0.010687 ( 0.010686)
0.339714 0.000497 0.340211 ( 0.340333)
10.936031 0.027765 10.963796 ( 10.972929)
Rack (CVE-2023-27539)
Ruby 3.1.4
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000751 0.000107 0.000858 ( 0.001245)
0.000030 0.000000 0.000030 ( 0.000029)
0.002283 0.000003 0.002286 ( 0.002299)
0.219707 0.000362 0.220069 ( 0.220376)
22.010323 0.060393 22.070716 ( 22.115420)
Ruby 3.1.5
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000756 0.000101 0.000857 ( 0.001143)
0.000029 0.000000 0.000029 ( 0.000029)
0.002246 0.000001 0.002247 ( 0.002249)
0.219452 0.000352 0.219804 ( 0.219833)
22.082689 0.050870 22.133559 ( 22.141630)
Ruby 3.2.3
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000738 0.000133 0.000871 ( 0.001065)
0.000007 0.000000 0.000007 ( 0.000007)
0.000035 0.000000 0.000035 ( 0.000035)
0.000331 0.000000 0.000331 ( 0.000331)
0.003088 0.000016 0.003104 ( 0.003104)
Ruby 3.2.4
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000707 0.000102 0.000809 ( 0.000806)
0.000007 0.000000 0.000007 ( 0.000008)
0.000035 0.000000 0.000035 ( 0.000036)
0.000316 0.000000 0.000316 ( 0.000316)
0.003077 0.000041 0.003118 ( 0.003116)
Ruby 3.3.0
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000875 0.000104 0.000979 ( 0.001244)
0.000023 0.000000 0.000023 ( 0.000023)
0.001648 0.000000 0.001648 ( 0.001648)
0.159147 0.000206 0.159353 ( 0.159467)
15.896291 0.040055 15.936346 ( 16.003972)
Ruby 3.3.1
❯ bundle exec ruby parse_http_accept_header_benchmark.rb
user system total real
0.000835 0.000087 0.000922 ( 0.000920)
0.000008 0.000000 0.000008 ( 0.000008)
0.000048 0.000002 0.000050 ( 0.000051)
0.000415 0.000019 0.000434 ( 0.000435)
0.004091 0.000413 0.004504 ( 0.004504)
Rails Html Sanitizers (CVE-2022-23517)
Ruby 3.1.4
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000147 0.000017 0.000164 ( 0.000159)
0.000299 0.000002 0.000301 ( 0.000304)
0.021602 0.000053 0.021655 ( 0.021680)
2.134559 0.006461 2.141020 ( 2.148426)
Ruby 3.1.5
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000269 0.000373 0.000642 ( 0.000639)
0.000420 0.000010 0.000430 ( 0.000430)
0.023063 0.000088 0.023151 ( 0.023151)
1.310055 0.003658 1.313713 ( 1.313778)
Ruby 3.2.3
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000282 0.000380 0.000662 ( 0.000660)
0.000164 0.000006 0.000170 ( 0.000170)
0.000505 0.000015 0.000520 ( 0.000520)
0.003929 0.000052 0.003981 ( 0.003981)
Ruby 3.2.4
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000288 0.000382 0.000670 ( 0.000669)
0.000159 0.000005 0.000164 ( 0.000164)
0.000504 0.000016 0.000520 ( 0.000521)
0.003908 0.000067 0.003975 ( 0.003976)
Ruby 3.3.0
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000266 0.000340 0.000606 ( 0.000603)
0.000165 0.000006 0.000171 ( 0.000172)
0.000657 0.000044 0.000701 ( 0.000701)
0.005955 0.000624 0.006579 ( 0.006595)
Ruby 3.3.1
❯ bundle exec ruby scrub_benchmark.rb
user system total real
0.000287 0.000384 0.000671 ( 0.000666)
0.000187 0.000019 0.000206 ( 0.000206)
0.000761 0.000089 0.000850 ( 0.000851)
0.006183 0.000736 0.006919 ( 0.006933)
Action Pack (CVE-2023-22792)
Ruby 3.1.4
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000010 0.000000 0.000010 ( 0.000009)
0.002754 0.000000 0.002754 ( 0.002754)
2.536741 0.008071 2.544812 ( 2.551976)
user system total real
0.000006 0.000003 0.000009 ( 0.000008)
0.000032 0.000001 0.000033 ( 0.000033)
0.002503 0.000041 0.002544 ( 0.003570)
0.225786 0.001006 0.226792 ( 0.230331)
22.145691 0.062865 22.208556 ( 22.271224)
Ruby 3.1.5
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000010 0.000000 0.000010 ( 0.000008)
0.002745 0.000000 0.002745 ( 0.002748)
2.535417 0.007581 2.542998 ( 2.544801)
user system total real
0.000005 0.000001 0.000006 ( 0.000005)
0.000029 0.000001 0.000030 ( 0.000029)
0.002457 0.000012 0.002469 ( 0.002479)
0.220223 0.000749 0.220972 ( 0.221049)
22.071897 0.066270 22.138167 ( 22.147255)
Ruby 3.2.3
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000007)
0.000013 0.000000 0.000013 ( 0.000013)
0.000105 0.000000 0.000105 ( 0.000106)
user system total real
0.000003 0.000001 0.000004 ( 0.000004)
0.000004 0.000000 0.000004 ( 0.000005)
0.000032 0.000000 0.000032 ( 0.000032)
0.000303 0.000000 0.000303 ( 0.000303)
0.002826 0.000006 0.002832 ( 0.002833)
Ruby 3.2.4
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000006 0.000000 0.000006 ( 0.000005)
0.000012 0.000000 0.000012 ( 0.000013)
0.000103 0.000001 0.000104 ( 0.000103)
user system total real
0.000003 0.000000 0.000003 ( 0.000003)
0.000005 0.000001 0.000006 ( 0.000005)
0.000032 0.000001 0.000033 ( 0.000033)
0.000303 0.000000 0.000303 ( 0.000303)
0.002831 0.000014 0.002845 ( 0.002845)
Ruby 3.3.0
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000012 0.000001 0.000013 ( 0.000006)
0.000017 0.000001 0.000018 ( 0.000017)
0.000142 0.000006 0.000148 ( 0.000148)
user system total real
0.000004 0.000000 0.000004 ( 0.000004)
0.000025 0.000000 0.000025 ( 0.000025)
0.001668 0.000006 0.001674 ( 0.001674)
0.159044 0.000211 0.159255 ( 0.159267)
15.863820 0.036495 15.900315 ( 15.910195)
Ruby 3.3.1
❯ bundle exec ruby cookie_host_benchmark.rb
user system total real
0.000010 0.000000 0.000010 ( 0.000007)
0.000016 0.000001 0.000017 ( 0.000017)
0.000145 0.000007 0.000152 ( 0.000152)
user system total real
0.000004 0.000000 0.000004 ( 0.000004)
0.000007 0.000000 0.000007 ( 0.000008)
0.000052 0.000007 0.000059 ( 0.000058)
0.000468 0.000022 0.000490 ( 0.000491)
0.004576 0.000389 0.004965 ( 0.004965)
Active Support (CVE-2023-22796)
Ruby 3.1.4
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000013 0.000000 0.000013 ( 0.000011)
0.000136 0.000000 0.000136 ( 0.000136)
0.011279 0.000009 0.011288 ( 0.011291)
1.123027 0.001782 1.124809 ( 1.124963)
4.526319 0.011021 4.537340 ( 4.549698)
Ruby 3.1.5
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000012 0.000000 0.000012 ( 0.000010)
0.000112 0.000000 0.000112 ( 0.000112)
0.009167 0.000000 0.009167 ( 0.009168)
0.917909 0.003451 0.921360 ( 0.921975)
3.697930 0.011921 3.709851 ( 3.711863)
Ruby 3.2.3
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000012 0.000000 0.000012 ( 0.000012)
0.000125 0.000000 0.000125 ( 0.000125)
0.010384 0.000008 0.010392 ( 0.010391)
1.044255 0.002917 1.047172 ( 1.047335)
4.200519 0.012979 4.213498 ( 4.214567)
Ruby 3.2.4
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000012 0.000002 0.000014 ( 0.000011)
0.000120 0.000000 0.000120 ( 0.000120)
0.010070 0.000011 0.010081 ( 0.010082)
1.014344 0.002182 1.016526 ( 1.016610)
4.078018 0.008941 4.086959 ( 4.087411)
Ruby 3.3.0
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000013 0.000000 0.000013 ( 0.000011)
0.000022 0.000001 0.000023 ( 0.000022)
0.000175 0.000009 0.000184 ( 0.000184)
0.001596 0.000128 0.001724 ( 0.001724)
0.003180 0.000228 0.003408 ( 0.003409)
Ruby 3.3.1
❯ bundle exec ruby underscore_benchmark.rb
user system total real
0.000015 0.000001 0.000016 ( 0.000012)
0.000024 0.000000 0.000024 ( 0.000025)
0.000199 0.000004 0.000203 ( 0.000202)
0.001811 0.000076 0.001887 ( 0.001887)
0.003601 0.000162 0.003763 ( 0.003762)
Action Text (CVE-2024-47888)
Ruby 3.1.4
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000006 0.000000 0.000006 ( 0.000005)
0.000044 0.000001 0.000045 ( 0.000045)
0.003789 0.000026 0.003815 ( 0.003818)
0.385787 0.000713 0.386500 ( 0.386519)
38.879803 0.075782 38.955585 ( 38.972395)
Ruby 3.1.5
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000006)
0.000046 0.000000 0.000046 ( 0.000047)
0.003787 0.000000 0.003787 ( 0.003790)
0.383989 0.000515 0.384504 ( 0.384543)
39.247079 0.097829 39.344908 ( 39.371293)
Ruby 3.2.3
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000007 0.000001 0.000008 ( 0.000007)
0.000009 0.000000 0.000009 ( 0.000008)
0.000047 0.000001 0.000048 ( 0.000047)
0.000424 0.000054 0.000478 ( 0.000478)
0.004285 0.001747 0.006032 ( 0.006033)
Ruby 3.2.4
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000007 0.000000 0.000007 ( 0.000006)
0.000008 0.000000 0.000008 ( 0.000008)
0.000052 0.000005 0.000057 ( 0.000056)
0.000477 0.000045 0.000522 ( 0.000522)
0.004784 0.001479 0.006263 ( 0.006266)
Ruby 3.3.0
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000007)
0.000063 0.000000 0.000063 ( 0.000065)
0.000099 0.000012 0.000111 ( 0.000111)
0.000952 0.000074 0.001026 ( 0.001026)
0.009615 0.002156 0.011771 ( 0.011775)
Ruby 3.3.1
❯ ruby plain_text_regexp_benchmark.rb
user system total real
0.000008 0.000001 0.000009 ( 0.000007)
0.000014 0.000000 0.000014 ( 0.000015)
0.000114 0.000013 0.000127 ( 0.000128)
0.001062 0.000085 0.001147 ( 0.001147)
0.011101 0.002206 0.013307 ( 0.013343)
GlobalID (CVE-2023-22799)
Ruby 3.1.4
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000017 0.000000 0.000017 ( 0.000016)
0.000047 0.000000 0.000047 ( 0.000047)
0.003025 0.000001 0.003026 ( 0.003025)
0.308262 0.000557 0.308819 ( 0.308826)
31.672385 0.064461 31.736846 ( 31.754887)
Ruby 3.1.5
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000017 0.000001 0.000018 ( 0.000016)
0.000045 0.000000 0.000045 ( 0.000045)
0.002970 0.000007 0.002977 ( 0.003004)
0.292312 0.000872 0.293184 ( 0.294196)
29.645073 0.097910 29.742983 ( 29.851795)
Ruby 3.2.3
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000018 0.000001 0.000019 ( 0.000017)
0.000019 0.000003 0.000022 ( 0.000021)
0.000085 0.000004 0.000089 ( 0.000089)
0.000696 0.000022 0.000718 ( 0.000719)
0.006785 0.000534 0.007319 ( 0.007319)
Ruby 3.2.4
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000019 0.000001 0.000020 ( 0.000018)
0.000018 0.000001 0.000019 ( 0.000017)
0.000083 0.000001 0.000084 ( 0.000083)
0.000682 0.000016 0.000698 ( 0.000698)
0.006576 0.000520 0.007096 ( 0.007096)
Ruby 3.3.0
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000018 0.000004 0.000022 ( 0.000017)
0.000023 0.000003 0.000026 ( 0.000027)
0.000117 0.000012 0.000129 ( 0.000129)
0.000967 0.000145 0.001112 ( 0.001112)
0.009994 0.004612 0.014606 ( 0.014609)
Ruby 3.3.1
❯ bundle exec ruby locate_benchmark.rb
user system total real
0.000018 0.000001 0.000019 ( 0.000017)
0.000023 0.000000 0.000023 ( 0.000024)
0.000130 0.000012 0.000142 ( 0.000143)
0.001197 0.000144 0.001341 ( 0.001353)
0.011305 0.003239 0.014544 ( 0.014548)
Ruby Time (CVE-2023-28756)
- Measured with the time version pinned to 0.2.1
Ruby 3.1.4
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.000361 0.000001 0.000362 ( 0.000360)
0.030400 0.000044 0.030444 ( 0.030446)
3.002304 0.004355 3.006659 ( 3.009870)
Ruby 3.1.5
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.001040 0.000052 0.001092 ( 0.001099)
0.070849 0.000255 0.071104 ( 0.071255)
3.884414 0.013784 3.898198 ( 3.913457)
Ruby 3.2.3
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.001913 0.000054 0.001967 ( 0.002381)
0.076378 0.000154 0.076532 ( 0.076606)
4.173686 0.012282 4.185968 ( 4.204406)
Ruby 3.2.4
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.002096 0.000017 0.002113 ( 0.002090)
0.075681 0.000277 0.075958 ( 0.076100)
4.171770 0.013658 4.185428 ( 4.203088)
Ruby 3.3.0
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.000382 0.000002 0.000384 ( 0.000382)
0.037069 0.000019 0.037088 ( 0.037088)
3.633918 0.005241 3.639159 ( 3.646663)
Ruby 3.3.1
❯ bundle exec ruby rfc2822_benchmark.rb
user system total real
0.001765 0.000010 0.001775 ( 0.001762)
0.071442 0.000486 0.071928 ( 0.071998)
3.799625 0.012287 3.811912 ( 3.826368)
Ruby URI (CVE-2023-36617)
- Measured with the time version pinned to 0.12.1
Ruby 3.1.4
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000027 0.000001 0.000028 ( 0.000026)
0.000045 0.000001 0.000046 ( 0.000045)
0.002818 0.000000 0.002818 ( 0.002821)
0.286170 0.000404 0.286574 ( 0.286595)
29.023980 0.063826 29.087806 ( 29.102574)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000593 0.000015 0.000608 ( 0.000605)
0.000584 0.000008 0.000592 ( 0.000595)
0.003351 0.000012 0.003363 ( 0.003367)
0.287773 0.000507 0.288280 ( 0.288341)
29.334527 0.088158 29.422685 ( 29.486490)
Ruby 3.1.5
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000029 0.000003 0.000032 ( 0.000027)
0.000045 0.000000 0.000045 ( 0.000045)
0.002715 0.000001 0.002716 ( 0.002718)
0.272895 0.000530 0.273425 ( 0.273486)
28.007571 0.092965 28.100536 ( 28.187586)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000612 0.000009 0.000621 ( 0.000618)
0.000615 0.000007 0.000622 ( 0.000622)
0.003445 0.000011 0.003456 ( 0.003455)
0.285690 0.000168 0.285858 ( 0.285891)
28.765370 0.033557 28.798927 ( 28.908756)
Ruby 3.2.3
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000035 0.000000 0.000035 ( 0.000035)
0.000016 0.000000 0.000016 ( 0.000016)
0.000056 0.000000 0.000056 ( 0.000056)
0.000438 0.000061 0.000499 ( 0.000500)
0.004228 0.000337 0.004565 ( 0.004565)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000541 0.000013 0.000554 ( 0.000555)
0.000545 0.000011 0.000556 ( 0.000557)
0.003662 0.000009 0.003671 ( 0.003670)
0.318696 0.000850 0.319546 ( 0.319666)
32.542779 0.058293 32.601072 ( 32.603068)
Ruby 3.2.4
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000029 0.000001 0.000030 ( 0.000026)
0.000016 0.000002 0.000018 ( 0.000017)
0.000059 0.000001 0.000060 ( 0.000060)
0.000473 0.000042 0.000515 ( 0.000515)
0.004581 0.000343 0.004924 ( 0.004924)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000556 0.000012 0.000568 ( 0.000566)
0.000556 0.000006 0.000562 ( 0.000562)
0.003686 0.000016 0.003702 ( 0.003702)
0.321905 0.000476 0.322381 ( 0.322447)
32.790642 0.087086 32.877728 ( 32.884155)
Ruby 3.3.0
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000060 0.000007 0.000067 ( 0.000066)
0.000019 0.000000 0.000019 ( 0.000019)
0.000073 0.000004 0.000077 ( 0.000078)
0.000623 0.000026 0.000649 ( 0.000649)
0.006069 0.000518 0.006587 ( 0.006590)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000554 0.000011 0.000565 ( 0.000567)
0.000540 0.000003 0.000543 ( 0.000543)
0.003250 0.000025 0.003275 ( 0.003277)
0.282207 0.000411 0.282618 ( 0.282729)
29.129988 0.074226 29.204214 ( 29.212228)
Ruby 3.3.1
❯ bundle exec ruby port_benchmark.rb
user system total real
0.000043 0.000007 0.000050 ( 0.000047)
0.000018 0.000001 0.000019 ( 0.000019)
0.000085 0.000002 0.000087 ( 0.000086)
0.000694 0.000028 0.000722 ( 0.000723)
0.006803 0.000404 0.007207 ( 0.007207)
❯ bundle exec ruby parser_split_benchmark.rb
user system total real
0.000576 0.000018 0.000594 ( 0.000591)
0.000566 0.000010 0.000576 ( 0.000575)
0.003973 0.000011 0.003984 ( 0.003984)
0.351115 0.000616 0.351731 ( 0.351793)
35.989548 0.074262 36.063810 ( 36.071356)
WEBrick
- Measured with the time version pinned to 1.8.1
Ruby 3.1.4
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.479047 0.001602 0.480649 ( 0.482736)
7.363092 0.023386 7.386478 ( 7.416695)
29.470135 0.087509 29.557644 ( 29.692607)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000048 0.000002 0.000050 ( 0.000048)
0.002813 0.000001 0.002814 ( 0.002814)
0.286042 0.000981 0.287023 ( 0.287891)
9.142029 0.021795 9.163824 ( 9.194904)
user system total real
0.000047 0.000003 0.000050 ( 0.000048)
0.002953 0.000061 0.003014 ( 0.003091)
0.287413 0.000823 0.288236 ( 0.289156)
9.225684 0.025085 9.250769 ( 9.287072)
Ruby 3.1.5
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.408610 0.000808 0.409418 ( 0.410897)
6.532185 0.018883 6.551068 ( 6.573329)
26.129580 0.077228 26.206808 ( 26.298100)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000043 0.000001 0.000044 ( 0.000043)
0.002711 0.000006 0.002717 ( 0.002770)
0.272342 0.000537 0.272879 ( 0.273936)
8.803543 0.030941 8.834484 ( 8.866946)
user system total real
0.000051 0.000004 0.000055 ( 0.000055)
0.002937 0.000036 0.002973 ( 0.002995)
0.273069 0.001056 0.274125 ( 0.275017)
8.859176 0.025245 8.884421 ( 8.914298)
Ruby 3.2.3
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.000010 0.000001 0.000011 ( 0.000010)
0.000004 0.000000 0.000004 ( 0.000005)
0.000003 0.000001 0.000004 ( 0.000004)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000020 0.000001 0.000021 ( 0.000020)
0.000047 0.000000 0.000047 ( 0.000047)
0.000442 0.000078 0.000520 ( 0.000520)
0.002261 0.000360 0.002621 ( 0.002620)
user system total real
0.000012 0.000005 0.000017 ( 0.000017)
0.000050 0.000004 0.000054 ( 0.000054)
0.000442 0.000028 0.000470 ( 0.000469)
0.002373 0.000415 0.002788 ( 0.002799)
Ruby 3.2.4
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.000012 0.000001 0.000013 ( 0.000011)
0.000005 0.000001 0.000006 ( 0.000005)
0.000004 0.000001 0.000005 ( 0.000004)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000020 0.000004 0.000024 ( 0.000023)
0.000049 0.000001 0.000050 ( 0.000049)
0.000406 0.000057 0.000463 ( 0.000462)
0.002232 0.000407 0.002639 ( 0.002639)
user system total real
0.000012 0.000006 0.000018 ( 0.000018)
0.000050 0.000007 0.000057 ( 0.000056)
0.000415 0.000052 0.000467 ( 0.000467)
0.002309 0.000420 0.002729 ( 0.002730)
Ruby 3.3.0
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.000014 0.000002 0.000016 ( 0.000014)
0.000006 0.000001 0.000007 ( 0.000007)
0.000006 0.000000 0.000006 ( 0.000006)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000024 0.000001 0.000025 ( 0.000022)
0.000081 0.000009 0.000090 ( 0.000091)
0.000739 0.000114 0.000853 ( 0.000854)
0.004221 0.001375 0.005596 ( 0.005614)
user system total real
0.000023 0.000004 0.000027 ( 0.000026)
0.000094 0.000011 0.000105 ( 0.000105)
0.000875 0.000089 0.000964 ( 0.000995)
0.004947 0.001324 0.006271 ( 0.006278)
Ruby 3.3.1
❯ bundle exec ruby split_header_value_benchmark.rb
user system total real
0.000016 0.000002 0.000018 ( 0.000015)
0.000007 0.000000 0.000007 ( 0.000007)
0.000006 0.000000 0.000006 ( 0.000006)
❯ bundle exec ruby parse_header_benchmark.rb
user system total real
0.000029 0.000001 0.000030 ( 0.000028)
0.000100 0.000016 0.000116 ( 0.000116)
0.000899 0.000182 0.001081 ( 0.001080)
0.004985 0.001048 0.006033 ( 0.006035)
user system total real
0.000022 0.000003 0.000025 ( 0.000024)
0.000110 0.000008 0.000118 ( 0.000119)
0.001049 0.000178 0.001227 ( 0.001227)
0.005976 0.001517 0.007493 ( 0.007498)
[1] 2024/10/19: Added CVE-2024-47888