@@ -1780,40 +1780,35 @@ def test_constant_time_operations(self):
17801780 """Test that validation doesn't leak timing information."""
17811781 logger .debug ("Testing constant-time validation" )
17821782
1783- # Standard
1784- import statistics
17851783 import time
1784+ import statistics
17861785
1787- # Test multiple validation attempts
17881786 valid_times = []
17891787 invalid_times = []
17901788
1791- for _ in range ( 10 ):
1792- # Valid input
1789+ # Actual measurement
1790+ for _ in range ( 100 ):
17931791 start = time .time ()
17941792 try :
17951793 ToolCreate (name = "valid_name" , url = "https://example.com" )
17961794 except :
17971795 pass
1798- valid_times .append (time .time () - start )
1796+ valid_times .append (time .perf_counter () - start )
17991797
1800- # Invalid input
1801- start = time .time ()
1798+ start = time .perf_counter ()
18021799 try :
18031800 ToolCreate (name = "<script>alert('XSS')</script>" , url = "https://example.com" )
18041801 except :
18051802 pass
1806- invalid_times .append (time .time () - start )
1803+ invalid_times .append (time .perf_counter () - start )
18071804
1808- # Calculate statistics
1809- valid_avg = statistics .mean (valid_times )
1810- invalid_avg = statistics .mean (invalid_times )
1805+ valid_median = statistics .median (valid_times )
1806+ invalid_median = statistics .median (invalid_times )
18111807
1812- logger .debug (f"Valid input avg time : { valid_avg :.6f } )
1813- logger .debug (f"Invalid input avg time : { invalid_avg :.6f } )
1808+ logger .debug (f"Valid median : { valid_median :.9f } )
1809+ logger .debug (f"Invalid median : { invalid_median :.9f } )
18141810
1815- # Times should be similar (within 50% of each other)
1816- ratio = max (valid_avg , invalid_avg ) / min (valid_avg , invalid_avg )
1811+ ratio = max (valid_median , invalid_median ) / min (valid_median , invalid_median )
18171812 assert ratio < 1.5 , f"Timing difference too large: { ratio :.2f}
18181813
18191814
0 commit comments