package integration import ( "net" "testing" "time" "hash-of-wisdom/internal/protocol" "hash-of-wisdom/internal/server" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestSlowlorisProtection_SlowReader(t *testing.T) { // Setup server with very short read timeout for testing config := server.DefaultConfig() config.Address = ":0" config.Timeouts.Read = 100 * time.Millisecond config.Timeouts.Write = 5 * time.Second config.Timeouts.Connection = 15 * time.Second srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Connect to server conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) defer conn.Close() // Send partial message header very slowly (slowloris attack) _, err = conn.Write([]byte{0x01}) // Challenge request type require.NoError(t, err) // Wait longer than read timeout before sending length time.Sleep(200 * time.Millisecond) // Try to send more data - connection should be timed out _, err = conn.Write([]byte{0x00, 0x00, 0x00, 0x00}) // Payload length // Verify connection is closed by trying to read buffer := make([]byte, 1024) conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond)) _, err = conn.Read(buffer) assert.Error(t, err, "Connection should be closed due to slow reading") } func TestSlowlorisProtection_SlowWriter(t *testing.T) { // Setup server with very short write timeout for testing config := server.DefaultConfig() config.Address = ":0" config.Timeouts.Read = 5 * time.Second config.Timeouts.Write = 100 * time.Millisecond config.Timeouts.Connection = 15 * time.Second srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Connect to server but don't read responses (simulate slow writer client) conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) defer conn.Close() // Send a complete challenge request challengeReq := &protocol.ChallengeRequest{} err = challengeReq.Encode(conn) require.NoError(t, err) // Don't read the response to simulate slow writer // Server should timeout when trying to write response time.Sleep(200 * time.Millisecond) // Try to send another request - connection should be closed err = challengeReq.Encode(conn) assert.Error(t, err, "Connection should be closed due to slow writing") } func TestSlowlorisProtection_ConnectionTimeout(t *testing.T) { // Setup server with very short connection timeout config := server.DefaultConfig() config.Address = ":0" config.Timeouts.Read = 5 * time.Second config.Timeouts.Write = 5 * time.Second config.Timeouts.Connection = 100 * time.Millisecond srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Connect to server conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) defer conn.Close() // Wait longer than connection timeout without sending any data time.Sleep(200 * time.Millisecond) // Try to read from connection - should get EOF or connection reset buffer := make([]byte, 1024) conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) _, err = conn.Read(buffer) assert.Error(t, err, "Connection should be closed due to connection timeout") } func TestSlowlorisProtection_MultipleSlowConnections(t *testing.T) { // Setup server with short timeouts config := server.DefaultConfig() config.Address = ":0" config.Timeouts.Read = 50 * time.Millisecond config.Timeouts.Write = 50 * time.Millisecond config.Timeouts.Connection = 200 * time.Millisecond srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Create multiple slow connections (simulating slowloris attack) var conns []net.Conn for i := 0; i < 3; i++ { conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) conns = append(conns, conn) // Send partial data to trigger slow reader behavior _, err = conn.Write([]byte{0x01}) // Just message type require.NoError(t, err) } // Clean up connections defer func() { for _, conn := range conns { conn.Close() } }() // Wait for read timeouts to kick in time.Sleep(100 * time.Millisecond) // Verify slow connections are closed by trying to read from them for i, conn := range conns { buffer := make([]byte, 1024) conn.SetReadDeadline(time.Now().Add(50 * time.Millisecond)) _, err := conn.Read(buffer) assert.Error(t, err, "Slow connection %d should be closed", i) } } func TestSlowlorisProtection_NormalOperationWithinTimeouts(t *testing.T) { // Setup server with reasonable timeouts config := server.DefaultConfig() config.Address = ":0" srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Connect and complete normal flow quickly conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) defer conn.Close() // Request challenge challengeReq := &protocol.ChallengeRequest{} err = challengeReq.Encode(conn) require.NoError(t, err) // Should receive challenge response without timeout decoder := protocol.NewMessageDecoder() msg, err := decoder.Decode(conn) require.NoError(t, err) assert.Equal(t, protocol.ChallengeResponseType, msg.Type) assert.Greater(t, msg.PayloadLength, uint32(0), "Challenge payload should not be empty") } func TestSlowlorisProtection_PartialHeaderAttack(t *testing.T) { // Setup server with short read timeout config := server.DefaultConfig() config.Address = ":0" config.Timeouts.Read = 100 * time.Millisecond srv := setupTestServerWithConfig(t, config) defer srv.Stop() // Connect to server conn, err := net.Dial("tcp", srv.Address()) require.NoError(t, err) defer conn.Close() // Send only message type byte, then stall _, err = conn.Write([]byte{0x01}) require.NoError(t, err) // Wait for read timeout time.Sleep(200 * time.Millisecond) // Try to read from connection - should be closed buffer := make([]byte, 1024) conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) _, err = conn.Read(buffer) assert.Error(t, err, "Connection should be closed due to partial header") }