hash-of-wisdom/test/integration/slowloris_test.go

package integration

import (
	"net"
	"testing"
	"time"

	"hash-of-wisdom/internal/protocol"
	"hash-of-wisdom/internal/server"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestSlowlorisProtection_SlowReader(t *testing.T) {
	// Setup server with very short read timeout for testing
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       100 * time.Millisecond,
			Write:      5 * time.Second,
			Connection: 15 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect to server
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	// Send partial message header very slowly (slowloris attack)
	_, err = conn.Write([]byte{0x01}) // Challenge request type
	require.NoError(t, err)

	// Wait longer than read timeout before sending length
	time.Sleep(200 * time.Millisecond)

	// Try to send more data - connection should be timed out
	_, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length

	// Verify connection is closed by trying to read
	buffer := make([]byte, 1024)
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to slow reading")
}

func TestSlowlorisProtection_SlowWriter(t *testing.T) {
	// Setup server with very short write timeout for testing
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       5 * time.Second,
			Write:      100 * time.Millisecond,
			Connection: 15 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect to server but don't read responses (simulate slow writer client)
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	// Send a complete challenge request
	challengeReq := &protocol.ChallengeRequest{}
	err = challengeReq.Encode(conn)
	require.NoError(t, err)

	// Don't read the response - this should trigger write timeout
	time.Sleep(200 * time.Millisecond)

	// Try to write again - connection should be timed out
	_, err = conn.Write([]byte{0x01})

	// Verify connection is closed
	buffer := make([]byte, 1024)
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to slow writing")
}

func TestSlowlorisProtection_SlowConnectionTimeout(t *testing.T) {
	// Setup server with very short connection timeout for testing
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       5 * time.Second,
			Write:      5 * time.Second,
			Connection: 200 * time.Millisecond,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect to server but do nothing
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	// Wait longer than connection timeout
	time.Sleep(300 * time.Millisecond)

	// Try to read - connection should be closed
	buffer := make([]byte, 1024)
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to connection timeout")
}

func TestSlowlorisProtection_MultipleSlowClients(t *testing.T) {
	// Setup server with short timeouts
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       1 * time.Second,
			Write:      1 * time.Second,
			Connection: 2 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Create multiple slow connections
	var connections []net.Conn
	for i := 0; i < 5; i++ {
		conn, err := net.Dial("tcp", srv.Address())
		require.NoError(t, err)
		connections = append(connections, conn)
		// Send partial data on each connection
		conn.Write([]byte{0x01}) // Challenge request type only
	}

	// Wait for timeouts to kick in
	time.Sleep(1500 * time.Millisecond)

	// All connections should be closed
	buffer := make([]byte, 1024)
	for i, conn := range connections {
		conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
		_, err := conn.Read(buffer)
		assert.Error(t, err, "Connection %d should be closed", i)
		conn.Close()
	}
}

func TestSlowlorisProtection_AttackMitigation(t *testing.T) {
	// Test that server can still serve legitimate clients during an attack
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       500 * time.Millisecond,
			Write:      500 * time.Millisecond,
			Connection: 1 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Start slowloris attack - multiple slow connections
	var attackConnections []net.Conn
	for i := 0; i < 3; i++ {
		conn, err := net.Dial("tcp", srv.Address())
		require.NoError(t, err)
		attackConnections = append(attackConnections, conn)
		// Send partial data
		conn.Write([]byte{0x01})
	}

	// Meanwhile, legitimate client should still work
	legitimateConn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer legitimateConn.Close()

	// Send complete request quickly
	challengeReq := &protocol.ChallengeRequest{}
	err = challengeReq.Encode(legitimateConn)
	require.NoError(t, err)

	// Should receive response despite ongoing attack
	decoder := protocol.NewMessageDecoder()
	msg, err := decoder.Decode(legitimateConn)
	assert.NoError(t, err)
	assert.Equal(t, protocol.ChallengeResponseType, msg.Type)

	// Clean up attack connections
	for _, conn := range attackConnections {
		conn.Close()
	}
}

func TestSlowlorisProtection_SlowChunkReading(t *testing.T) {
	// Test protection against clients that read responses very slowly
	serverConfig := &server.Config{
		Address:  ":0",
		Timeouts: server.TimeoutConfig{
			Read:       5 * time.Second,
			Write:      200 * time.Millisecond,
			Connection: 10 * time.Second,
		},
	}

	srv := setupTestServerWithConfig(t, serverConfig)
	defer srv.Stop()

	// Connect and send valid request
	conn, err := net.Dial("tcp", srv.Address())
	require.NoError(t, err)
	defer conn.Close()

	challengeReq := &protocol.ChallengeRequest{}
	err = challengeReq.Encode(conn)
	require.NoError(t, err)

	// Read only first byte of response very slowly
	buffer := make([]byte, 1)
	_, err = conn.Read(buffer)
	require.NoError(t, err)

	// Wait longer than write timeout before reading more
	time.Sleep(300 * time.Millisecond)

	// Try to read more - connection should be closed due to slow reading
	conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
	_, err = conn.Read(buffer)
	assert.Error(t, err, "Connection should be closed due to slow chunk reading")
}
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`package integration`

			`import (`
			`"net"`
			`"testing"`
			`"time"`

			`"hash-of-wisdom/internal/protocol"`
			`"hash-of-wisdom/internal/server"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestSlowlorisProtection_SlowReader(t *testing.T) {`
			`// Setup server with very short read timeout for testing`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 100 * time.Millisecond,`
			`Write: 5 * time.Second,`
			`Connection: 15 * time.Second,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

			`// Connect to server`
			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
			`defer conn.Close()`

			`// Send partial message header very slowly (slowloris attack)`
			`_, err = conn.Write([]byte{0x01}) // Challenge request type`
			`require.NoError(t, err)`

			`// Wait longer than read timeout before sending length`
			`time.Sleep(200 * time.Millisecond)`

			`// Try to send more data - connection should be timed out`
			`_, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length`

			`// Verify connection is closed by trying to read`
			`buffer := make([]byte, 1024)`
			`conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))`
			`_, err = conn.Read(buffer)`
			`assert.Error(t, err, "Connection should be closed due to slow reading")`
			`}`

			`func TestSlowlorisProtection_SlowWriter(t *testing.T) {`
			`// Setup server with very short write timeout for testing`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 5 * time.Second,`
			`Write: 100 * time.Millisecond,`
			`Connection: 15 * time.Second,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

			`// Connect to server but don't read responses (simulate slow writer client)`
			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
			`defer conn.Close()`

			`// Send a complete challenge request`
			`challengeReq := &protocol.ChallengeRequest{}`
			`err = challengeReq.Encode(conn)`
			`require.NoError(t, err)`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Don't read the response - this should trigger write timeout`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`time.Sleep(200 * time.Millisecond)`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Try to write again - connection should be timed out`
			`_, err = conn.Write([]byte{0x01})`

			`// Verify connection is closed`
			`buffer := make([]byte, 1024)`
			`conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))`
			`_, err = conn.Read(buffer)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`assert.Error(t, err, "Connection should be closed due to slow writing")`
			`}`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`func TestSlowlorisProtection_SlowConnectionTimeout(t *testing.T) {`
			`// Setup server with very short connection timeout for testing`
			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 5 * time.Second,`
			`Write: 5 * time.Second,`
			`Connection: 200 * time.Millisecond,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Connect to server but do nothing`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
			`defer conn.Close()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Wait longer than connection timeout`
			`time.Sleep(300 * time.Millisecond)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Try to read - connection should be closed`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`buffer := make([]byte, 1024)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`_, err = conn.Read(buffer)`
			`assert.Error(t, err, "Connection should be closed due to connection timeout")`
			`}`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`func TestSlowlorisProtection_MultipleSlowClients(t *testing.T) {`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`// Setup server with short timeouts`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 1 * time.Second,`
			`Write: 1 * time.Second,`
			`Connection: 2 * time.Second,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Create multiple slow connections`
			`var connections []net.Conn`
			`for i := 0; i < 5; i++ {`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`connections = append(connections, conn)`
			`// Send partial data on each connection`
			`conn.Write([]byte{0x01}) // Challenge request type only`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`}`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Wait for timeouts to kick in`
			`time.Sleep(1500 * time.Millisecond)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// All connections should be closed`
			`buffer := make([]byte, 1024)`
			`for i, conn := range connections {`
			`conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`_, err := conn.Read(buffer)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`assert.Error(t, err, "Connection %d should be closed", i)`
			`conn.Close()`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`}`
			`}`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`func TestSlowlorisProtection_AttackMitigation(t *testing.T) {`
			`// Test that server can still serve legitimate clients during an attack`
			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 500 * time.Millisecond,`
			`Write: 500 * time.Millisecond,`
			`Connection: 1 * time.Second,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Start slowloris attack - multiple slow connections`
			`var attackConnections []net.Conn`
			`for i := 0; i < 3; i++ {`
			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
			`attackConnections = append(attackConnections, conn)`
			`// Send partial data`
			`conn.Write([]byte{0x01})`
			`}`

			`// Meanwhile, legitimate client should still work`
			`legitimateConn, err := net.Dial("tcp", srv.Address())`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`require.NoError(t, err)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`defer legitimateConn.Close()`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Send complete request quickly`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`challengeReq := &protocol.ChallengeRequest{}`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`err = challengeReq.Encode(legitimateConn)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`require.NoError(t, err)`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Should receive response despite ongoing attack`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`decoder := protocol.NewMessageDecoder()`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`msg, err := decoder.Decode(legitimateConn)`
			`assert.NoError(t, err)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`assert.Equal(t, protocol.ChallengeResponseType, msg.Type)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00
			`// Clean up attack connections`
			`for _, conn := range attackConnections {`
			`conn.Close()`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`}`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`func TestSlowlorisProtection_SlowChunkReading(t *testing.T) {`
			`// Test protection against clients that read responses very slowly`
			`serverConfig := &server.Config{`
			`Address: ":0",`
			`Timeouts: server.TimeoutConfig{`
			`Read: 5 * time.Second,`
			`Write: 200 * time.Millisecond,`
			`Connection: 10 * time.Second,`
			`},`
			`}`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`srv := setupTestServerWithConfig(t, serverConfig)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`defer srv.Stop()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Connect and send valid request`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`conn, err := net.Dial("tcp", srv.Address())`
			`require.NoError(t, err)`
			`defer conn.Close()`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`challengeReq := &protocol.ChallengeRequest{}`
			`err = challengeReq.Encode(conn)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`require.NoError(t, err)`

[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Read only first byte of response very slowly`
			`buffer := make([]byte, 1)`
			`_, err = conn.Read(buffer)`
			`require.NoError(t, err)`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`// Wait longer than write timeout before reading more`
			`time.Sleep(300 * time.Millisecond)`

			`// Try to read more - connection should be closed due to slow reading`
			`conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`_, err = conn.Read(buffer)`
[PHASE-8] Add proper configuration 2025-08-23 12:12:45 +03:00			`assert.Error(t, err, "Connection should be closed due to slow chunk reading")`
[PHASE-7] Implement integration tests 2025-08-23 09:37:43 +03:00			`}`