blvm-node 0.1.0

Bitcoin Commons BLVM: Minimal Bitcoin node implementation using blvm-protocol and blvm-consensus
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

//! Module Security Permissions Tests
//!
//! Tests permission enforcement, permission checking, and security boundaries.

use blvm_node::module::ipc::protocol::RequestPayload;
use blvm_node::module::security::permissions::*;

#[test]
fn test_permission_set_empty() {
    let perms = PermissionSet::new();
    assert!(!perms.has(&Permission::ReadBlockchain));
    assert!(!perms.has(&Permission::ReadUTXO));
}

#[test]
fn test_permission_set_add() {
    let mut perms = PermissionSet::new();
    perms.add(Permission::ReadBlockchain);

    assert!(perms.has(&Permission::ReadBlockchain));
    assert!(!perms.has(&Permission::ReadUTXO));
}

#[test]
fn test_permission_set_remove() {
    let mut perms = PermissionSet::new();
    perms.add(Permission::ReadBlockchain);
    assert!(perms.has(&Permission::ReadBlockchain));

    // PermissionSet doesn't have remove method - create new set without permission
    let mut perms = PermissionSet::new();
    assert!(!perms.has(&Permission::ReadBlockchain));
}

#[test]
fn test_permission_set_contains_all() {
    let mut perms1 = PermissionSet::new();
    perms1.add(Permission::ReadBlockchain);
    perms1.add(Permission::ReadUTXO);

    let mut perms2 = PermissionSet::new();
    perms2.add(Permission::ReadBlockchain);

    assert!(perms1.has_all(&[Permission::ReadBlockchain]));
    assert!(!perms2.has_all(&[Permission::ReadUTXO]));
}

#[test]
fn test_permission_checker_check_api_call() {
    let checker = PermissionChecker::new();

    // Should allow ReadBlockchain permission (default permissions include it)
    let payload = RequestPayload::GetBlock { hash: [0u8; 32] };
    assert!(checker.check_api_call("test-module", &payload).is_ok());
}

#[test]
fn test_permission_checker_deny_missing_permission() {
    let mut checker = PermissionChecker::new();
    let empty_perms = PermissionSet::new(); // No permissions

    // Register module with no permissions
    checker.register_module_permissions("restricted-module".to_string(), empty_perms);

    // Should deny if permission missing
    let payload = RequestPayload::GetBlock { hash: [0u8; 32] };
    let result = checker.check_api_call("restricted-module", &payload);
    assert!(result.is_err());
}

#[test]
fn test_permission_checker_read_utxo_requires_permission() {
    let checker = PermissionChecker::new();

    // Default permissions include ReadUTXO
    let payload = RequestPayload::GetUtxo {
        outpoint: blvm_protocol::OutPoint {
            hash: [0u8; 32],
            index: 0,
        },
    };
    assert!(checker.check_api_call("test-module", &payload).is_ok());
}

#[test]
fn test_permission_checker_subscribe_events_requires_permission() {
    let checker = PermissionChecker::new();

    // Default permissions include SubscribeEvents
    let payload = RequestPayload::SubscribeEvents {
        event_types: vec![],
    };
    assert!(checker.check_api_call("test-module", &payload).is_ok());
}

#[test]
fn test_parse_permission_string() {
    assert_eq!(
        parse_permission_string("read_blockchain"),
        Some(Permission::ReadBlockchain)
    );
    assert_eq!(
        parse_permission_string("ReadBlockchain"),
        Some(Permission::ReadBlockchain)
    );
    assert_eq!(
        parse_permission_string("read_utxo"),
        Some(Permission::ReadUTXO)
    );
    assert_eq!(
        parse_permission_string("ReadUTXO"),
        Some(Permission::ReadUTXO)
    );
    assert_eq!(parse_permission_string("invalid"), None);
}