Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
🤖 Augment PR Summary
Summary: This PR upgrades the vendored
Changes:
Technical Notes: The JS port now conditionally uses generated validators for non-dynamic/non-tracking templates to reduce per-instruction overhead, while keeping the callback/tracking paths on the interpreter-based evaluator.
| body += 'return true;'; | ||
|
|
||
| try { | ||
| const fn = eval( |
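Review bot: at the `try { const fn = eval(` call, the handling of a thrown `eval` is not visible, and `eval` throws wherever dynamic code generation is disabled (a Content-Security-Policy without 'unsafe-eval', or Node.js started with --disallow-code-generation-from-strings). Confirm the catch path falls back to the interpreter-based evaluator instead of failing validation, and document that the generated-validator path depends on `eval` being available.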
vendor/blaze/ports/javascript/index.mjs:355: Using eval here means a crafted/hand-edited template could potentially inject executable JS because instruction fields are interpolated into generated code without strict type validation. If templates might be untrusted input, consider hard-validating numeric/string fields (or gating native codegen behind an explicit opt-in) before calling eval.
Severity: high
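The hard-validation suggested in the review comment above, as an added example that is not code from this PR or from Blaze: the `{ op, value }` instruction shape, the three opcodes and every function name are assumptions made for illustration.

```javascript
// Added illustration: instruction shape ({ op, value }) and all names are hypothetical.
// Each opcode pairs a strict operand check with the code it is allowed to emit.
const EMITTERS = {
  maxLength: {
    accepts: (v) => Number.isSafeInteger(v) && v >= 0,
    emit: (lit) => `if (typeof target === 'string' && target.length > ${lit}) return false;`,
  },
  minimum: {
    accepts: (v) => typeof v === 'number' && Number.isFinite(v),
    emit: (lit) => `if (typeof target === 'number' && target < ${lit}) return false;`,
  },
  equalsString: {
    accepts: (v) => typeof v === 'string',
    emit: (lit) => `if (target !== ${lit}) return false;`,
  },
};

// Build a validator from a template, refusing to generate code for any
// instruction whose opcode is unknown or whose operand has the wrong type.
function compile(template) {
  if (!Array.isArray(template)) throw new TypeError('template must be an array');
  let body = '';
  template.forEach((instruction, index) => {
    const isObject = instruction !== null && typeof instruction === 'object';
    const op = isObject ? instruction.op : undefined;
    const value = isObject ? instruction.value : undefined; // read once, then validate
    const known = typeof op === 'string' && Object.prototype.hasOwnProperty.call(EMITTERS, op);
    if (!known || !EMITTERS[op].accepts(value)) {
      throw new TypeError(`instruction ${index} rejected before code generation`);
    }
    // JSON.stringify yields a number literal or a fully escaped string literal,
    // so the operand cannot terminate the expression it is placed in.
    body += EMITTERS[op].emit(JSON.stringify(value));
  });
  body += 'return true;';
  // new Function stands in for the eval call on the page; same risk class.
  return new Function('target', body);
}

// Constructed samples: a well-formed template, and a hand-edited one that
// puts a string where maxLength expects an integer.
const SAMPLE = [{ op: 'maxLength', value: 3 }, { op: 'equalsString', value: 'a"b' }];
const TAMPERED = [{ op: 'maxLength', value: '3 || true' }];

function compiles(template) {
  try { compile(template); return true; } catch { return false; }
}
```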
| if (evaluator.callbackMode) evaluator.callbackPop(instruction, false); | ||
| return false; | ||
| } | ||
| const __result = URI_REGEX.test(target); |
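Review bot: `URI_REGEX.test(target)` depends on how `URI_REGEX` is declared, which this hunk does not show. If the pattern carries the `g` or `y` flag, `test()` keeps `lastIndex` between calls and the same string can alternately pass and fail; if it is not anchored at both ends, any string that merely contains a URI passes. Suggest declaring it without those flags, anchored with `^` and `$`, and covering malformed inputs in the tests.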
vendor/blaze/ports/javascript/index.mjs:1291: Switching AssertionStringType from new URL() to URI_REGEX significantly relaxes URI validation (e.g., invalid percent-encoding or other illegal characters may now pass). If this opcode is meant to implement JSON Schema format: uri semantics strictly, this could be a behavior regression.
Severity: medium
Benchmark Index (enterprise)
| Benchmark suite | Current: 5072a18 | Previous: aca182e | Ratio |
|---|---|---|---|
| Add one schema (0 existing) | 21 ms | 19 ms | 1.11 |
| Add one schema (100 existing) | 26 ms | 25 ms | 1.04 |
| Add one schema (1000 existing) | 72 ms | 73 ms | 0.99 |
| Add one schema (10000 existing) | 599 ms | 615 ms | 0.97 |
| Update one schema (1 existing) | 18 ms | 18 ms | 1 |
| Update one schema (101 existing) | 24 ms | 24 ms | 1 |
| Update one schema (1001 existing) | 73 ms | 74 ms | 0.99 |
| Update one schema (10001 existing) | 606 ms | 604 ms | 1.00 |
| Cached rebuild (1 existing) | 12 ms | 10 ms | 1.20 |
| Cached rebuild (101 existing) | 12 ms | 12 ms | 1 |
| Cached rebuild (1001 existing) | 31 ms | 32 ms | 0.97 |
| Cached rebuild (10001 existing) | 250 ms | 248 ms | 1.01 |
| Index 100 schemas | 112 ms | 143 ms | 0.78 |
| Index 1000 schemas | 992 ms | 1137 ms | 0.87 |
| Index 10000 schemas | 13707 ms | 12405 ms | 1.10 |
This comment was automatically generated by workflow using github-action-benchmark.
Benchmark Index (community)
| Benchmark suite | Current: 5072a18 | Previous: aca182e | Ratio |
|---|---|---|---|
| Add one schema (0 existing) | 20 ms | 16 ms | 1.25 |
| Add one schema (100 existing) | 22 ms | 19 ms | 1.16 |
| Add one schema (1000 existing) | 74 ms | 59 ms | 1.25 |
| Add one schema (10000 existing) | 629 ms | 499 ms | 1.26 |
| Update one schema (1 existing) | 16 ms | 14 ms | 1.14 |
| Update one schema (101 existing) | 23 ms | 19 ms | 1.21 |
| Update one schema (1001 existing) | 77 ms | 61 ms | 1.26 |
| Update one schema (10001 existing) | 649 ms | 511 ms | 1.27 |
| Cached rebuild (1 existing) | 9 ms | 8 ms | 1.13 |
| Cached rebuild (101 existing) | 10 ms | 9 ms | 1.11 |
| Cached rebuild (1001 existing) | 30 ms | 21 ms | 1.43 |
| Cached rebuild (10001 existing) | 251 ms | 159 ms | 1.58 |
| Index 100 schemas | 121 ms | 107 ms | 1.13 |
| Index 1000 schemas | 1028 ms | 845 ms | 1.22 |
| Index 10000 schemas | 13250 ms | 10928 ms | 1.21 |
This comment was automatically generated by workflow using github-action-benchmark.