From e243a1a3a6fdff9fc28b17fb193d4510864e8d5f Mon Sep 17 00:00:00 2001
From: DayShift <113507098+ShiyuBanzhou@users.noreply.github.com>
Date: Sun, 19 Jan 2025 21:16:56 +0800
Subject: [PATCH] Add files via upload

add test_apicache_ReDos.js
---
 test/backend-test/test_apicache_ReDos.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 test/backend-test/test_apicache_ReDos.js

diff --git a/test/backend-test/test_apicache_ReDos.js b/test/backend-test/test_apicache_ReDos.js
new file mode 100644
index 000000000..6101eb4dc
--- /dev/null
+++ b/test/backend-test/test_apicache_ReDos.js
@@ -0,0 +1,22 @@
+const semver = require("semver");
+let test;
+const nodeVersion = process.versions.node;
+if (semver.satisfies(nodeVersion, ">= 18")) {
+    test = require("node:test");
+} else {
+    test = require("test");
+}
+const apicacheModule = require("../../server/modules/apicache/apicache.js");
+
+const assert = require("node:assert");
+
+test("Test ReDos - attack string", async (t) => {
+  const getDuration = apicacheModule.getDuration;
+  const str = "" + "00".repeat(100000) + "\u0000";
+  const startTime = performance.now();
+  getDuration(str);
+  const endTime = performance.now();
+  const elapsedTime = endTime - startTime;
+  const reDosThreshold = 9000;
+  assert(elapsedTime <= reDosThreshold, `🚨 可能存在 ReDoS 攻击！getDuration 方法耗时 ${elapsedTime.toFixed(2)} 毫秒，超过阈值 ${reDosThreshold} 毫秒。`);
+});
\ No newline at end of file