mirror of
https://github.com/XRPLF/clio.git
synced 2025-11-11 07:15:51 +00:00
5b417bdc45
* Implement logging abstraction (#371) Fixes #290 * Fix pre-commit to only check staged files * Implement account ownership check and fix paging (#383) Fixes #222 * Remove the github action package signing step This will be done elsewhere. * include searched_all in error response of tx (#407) * helper function for subscribe to ensure cleanup (#402) * Add closed to header for all paths of ledger_data (#416) Fixes #219 * Add custom error for malformed owner and request (#417) Fixes #274 * Use custom malformedAddress error in ledger_entry (#419) Fixes #272 * Return lgrIdxsInvalid error for ledger_max_index less than ledger_min_index (#339) Fixes #263 * Update headers to use #pragma once * Add custom error for malformed request (#414) Fixes #276 * Return srcCurMalformed on invalid taker_pays in book_offers (#413) Fixes #267 * Fix source_location issue on MacOSX and Debug build (#431) Fixes #428 * Implement always adding git ref to version string (#430) Fixes #427 * add connection counting (#433) * Fix malformed output format over ws rpc (#426) Fixes #405 * Remove branch name from version string (#437) Fixes a bug from #430 * Implement cli parsing using boost::po (#436) Fixes #367 * Update documentation and config with ssl_cert_file and ssl_key_file (#443) Fixes #424 * Fix gateway balances to match rippled output (#441) Fixes #271 * Update README and example config to describe start_sequence (#438) Fixes #250 * Add copyright to top of each source file (#444) Fixes #411 * Increase file descriptor limit (#449) * Update readme with more log configurations (#447) Fixes #446 * Document dos_guard in example config. Log when client surpasses rate limit (#451) * Add unit tests for DOSGuard (#453) Fixes #452 * Build macOS and Ubuntu 22.04 (#456) build release/x.y.z branches * Add time measurement profiler (#458) Rebase * Match format to rippled error code (#461) Fixes #263 * Change error message to match rippled (#463) Fixes #263 * Add requests limit to DosGuard (#462) Fixing #448 * Set version to 1.0.4-rc2 Co-authored-by: Alex Kremer <akremer@ripple.com> Co-authored-by: CJ Cobb <46455409+cjcobb23@users.noreply.github.com> Co-authored-by: Francis Mendoza <francissamuelmendoza7@gmail.com> Co-authored-by: cyan317 <120398799+cindyyan317@users.noreply.github.com>
178 lines
4.8 KiB
C++
178 lines
4.8 KiB
C++
//------------------------------------------------------------------------------
|
|
/*
|
|
This file is part of clio: https://github.com/XRPLF/clio
|
|
Copyright (c) 2022, the clio developers.
|
|
|
|
Permission to use, copy, modify, and distribute this software for any
|
|
purpose with or without fee is hereby granted, provided that the above
|
|
copyright notice and this permission notice appear in all copies.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
//==============================================================================
|
|
|
|
#include <util/Fixtures.h>
|
|
|
|
#include <config/Config.h>
|
|
#include <webserver/DOSGuard.h>
|
|
|
|
#include <boost/json/parse.hpp>
|
|
#include <gmock/gmock.h>
|
|
|
|
using namespace testing;
|
|
using namespace clio;
|
|
using namespace std;
|
|
namespace json = boost::json;
|
|
|
|
namespace {
|
|
constexpr static auto JSONData = R"JSON(
|
|
{
|
|
"dos_guard": {
|
|
"max_fetches": 100,
|
|
"sweep_interval": 1,
|
|
"max_connections": 2,
|
|
"max_requests": 3,
|
|
"whitelist": ["127.0.0.1"]
|
|
}
|
|
}
|
|
)JSON";
|
|
|
|
constexpr static auto JSONData2 = R"JSON(
|
|
{
|
|
"dos_guard": {
|
|
"max_fetches": 100,
|
|
"sweep_interval": 0.1,
|
|
"max_connections": 2,
|
|
"whitelist": ["127.0.0.1"]
|
|
}
|
|
}
|
|
)JSON";
|
|
|
|
constexpr static auto IP = "127.0.0.2";
|
|
|
|
class FakeSweepHandler
|
|
{
|
|
private:
|
|
using guard_type = BasicDOSGuard<FakeSweepHandler>;
|
|
guard_type* dosGuard_;
|
|
|
|
public:
|
|
void
|
|
setup(guard_type* guard)
|
|
{
|
|
dosGuard_ = guard;
|
|
}
|
|
|
|
void
|
|
sweep()
|
|
{
|
|
dosGuard_->clear();
|
|
}
|
|
};
|
|
}; // namespace
|
|
|
|
class DOSGuardTest : public NoLoggerFixture
|
|
{
|
|
protected:
|
|
Config cfg{json::parse(JSONData)};
|
|
FakeSweepHandler sweepHandler;
|
|
BasicDOSGuard<FakeSweepHandler> guard{cfg, sweepHandler};
|
|
};
|
|
|
|
TEST_F(DOSGuardTest, Whitelisting)
|
|
{
|
|
EXPECT_TRUE(guard.isWhiteListed("127.0.0.1"));
|
|
EXPECT_FALSE(guard.isWhiteListed(IP));
|
|
}
|
|
|
|
TEST_F(DOSGuardTest, ConnectionCount)
|
|
{
|
|
EXPECT_TRUE(guard.isOk(IP));
|
|
guard.increment(IP); // one connection
|
|
EXPECT_TRUE(guard.isOk(IP));
|
|
guard.increment(IP); // two connections
|
|
EXPECT_TRUE(guard.isOk(IP));
|
|
guard.increment(IP); // > two connections, can't connect more
|
|
EXPECT_FALSE(guard.isOk(IP));
|
|
|
|
guard.decrement(IP);
|
|
EXPECT_TRUE(guard.isOk(IP)); // can connect again
|
|
}
|
|
|
|
TEST_F(DOSGuardTest, FetchCount)
|
|
{
|
|
EXPECT_TRUE(guard.add(IP, 50)); // half of allowence
|
|
EXPECT_TRUE(guard.add(IP, 50)); // now fully charged
|
|
EXPECT_FALSE(guard.add(IP, 1)); // can't add even 1 anymore
|
|
EXPECT_FALSE(guard.isOk(IP));
|
|
|
|
guard.clear(); // force clear the above fetch count
|
|
EXPECT_TRUE(guard.isOk(IP)); // can fetch again
|
|
}
|
|
|
|
TEST_F(DOSGuardTest, ClearFetchCountOnTimer)
|
|
{
|
|
EXPECT_TRUE(guard.add(IP, 50)); // half of allowence
|
|
EXPECT_TRUE(guard.add(IP, 50)); // now fully charged
|
|
EXPECT_FALSE(guard.add(IP, 1)); // can't add even 1 anymore
|
|
EXPECT_FALSE(guard.isOk(IP));
|
|
|
|
sweepHandler.sweep(); // pretend sweep called from timer
|
|
EXPECT_TRUE(guard.isOk(IP)); // can fetch again
|
|
}
|
|
|
|
TEST_F(DOSGuardTest, RequestLimit)
|
|
{
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.isOk(IP));
|
|
EXPECT_FALSE(guard.request(IP));
|
|
EXPECT_FALSE(guard.isOk(IP));
|
|
guard.clear();
|
|
EXPECT_TRUE(guard.isOk(IP)); // can request again
|
|
}
|
|
|
|
TEST_F(DOSGuardTest, RequestLimitOnTimer)
|
|
{
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.request(IP));
|
|
EXPECT_TRUE(guard.isOk(IP));
|
|
EXPECT_FALSE(guard.request(IP));
|
|
EXPECT_FALSE(guard.isOk(IP));
|
|
sweepHandler.sweep();
|
|
EXPECT_TRUE(guard.isOk(IP)); // can request again
|
|
}
|
|
|
|
template <typename SweepHandler>
|
|
struct BasicDOSGuardMock : public BaseDOSGuard
|
|
{
|
|
BasicDOSGuardMock(SweepHandler& handler)
|
|
{
|
|
handler.setup(this);
|
|
}
|
|
|
|
MOCK_METHOD(void, clear, (), (noexcept, override));
|
|
};
|
|
|
|
class DOSGuardIntervalSweepHandlerTest : public SyncAsioContextTest
|
|
{
|
|
protected:
|
|
Config cfg{json::parse(JSONData2)};
|
|
IntervalSweepHandler sweepHandler{cfg, ctx};
|
|
BasicDOSGuardMock<IntervalSweepHandler> guard{sweepHandler};
|
|
};
|
|
|
|
TEST_F(DOSGuardIntervalSweepHandlerTest, SweepAfterInterval)
|
|
{
|
|
EXPECT_CALL(guard, clear()).Times(Exactly(2));
|
|
ctx.run_for(std::chrono::milliseconds(210));
|
|
}
|