astelm/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-24 20:01:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add comprehensive security tests for quota management and relay functionality

Browse Source 
- Introduced `relay_dual_lock_race_harness_security_tests.rs` to validate user liveness during lock hold and release cycles.
- Added `relay_quota_extended_attack_surface_security_tests.rs` to cover various quota scenarios including positive, negative, edge cases, and adversarial conditions.
- Implemented `relay_quota_lock_eviction_lifecycle_tdd_tests.rs` to ensure proper eviction of stale entries and lifecycle management of quota locks.
- Created `relay_quota_lock_eviction_stress_security_tests.rs` to stress test the eviction mechanism under high churn conditions.
- Enhanced `relay_quota_lock_pressure_adversarial_tests.rs` to verify reclaiming of unreferenced entries after explicit eviction.
- Developed `relay_quota_retry_allocation_latency_security_tests.rs` to benchmark and validate latency and allocation behavior under contention.
This commit is contained in:
David Osipov
2026-03-23 12:04:41 +04:00
parent 91be148b72
commit 6f17d4d231
42 changed files with 6774 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/proxy/tests/masking_interface_cache_security_tests.rs
+7 -7
View File
@@ -8,8 +8,8 @@ fn interface_cache_test_lock() -> &'static Mutex<()> {
LOCK.get_or_init(|| Mutex::new(()))
}
#[test]
fn tdd_repeated_local_listener_checks_do_not_repeat_interface_enumeration_within_window() {
#[tokio::test]
async fn tdd_repeated_local_listener_checks_do_not_repeat_interface_enumeration_within_window() {
let _guard = interface_cache_test_lock()
.lock()
.unwrap_or_else(|poison| poison.into_inner());
@@ -17,8 +17,8 @@ fn tdd_repeated_local_listener_checks_do_not_repeat_interface_enumeration_within
let local_addr: SocketAddr = "0.0.0.0:443".parse().expect("valid local addr");
let _ = is_mask_target_local_listener("127.0.0.1", 443, local_addr, None);
let _ = is_mask_target_local_listener("127.0.0.1", 443, local_addr, None);
let _ = is_mask_target_local_listener_async("127.0.0.1", 443, local_addr, None).await;
let _ = is_mask_target_local_listener_async("127.0.0.1", 443, local_addr, None).await;
assert_eq!(
local_interface_enumerations_for_tests(),
@@ -27,15 +27,15 @@ fn tdd_repeated_local_listener_checks_do_not_repeat_interface_enumeration_within
);
}
#[test]
fn tdd_non_local_port_short_circuit_does_not_enumerate_interfaces() {
#[tokio::test]
async fn tdd_non_local_port_short_circuit_does_not_enumerate_interfaces() {
let _guard = interface_cache_test_lock()
.lock()
.unwrap_or_else(|poison| poison.into_inner());
reset_local_interface_enumerations_for_tests();
let local_addr: SocketAddr = "0.0.0.0:443".parse().expect("valid local addr");
let is_local = is_mask_target_local_listener("127.0.0.1", 8443, local_addr, None);
let is_local = is_mask_target_local_listener_async("127.0.0.1", 8443, local_addr, None).await;
assert!(!is_local, "different port must not be treated as local listener");
assert_eq!(