bssh 0.7.0

Parallel SSH command execution tool for cluster management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

// Copyright 2025 Lablup Inc. and Jeongkyu Shin
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Integration tests for environment variable caching in path expansion

use crate::ssh::ssh_config::env_cache::{EnvCacheConfig, EnvironmentCache, GLOBAL_ENV_CACHE};
use crate::ssh::ssh_config::path::expand_path_internal;
use std::time::{Duration, Instant};

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_path_expansion_uses_cache() {
        // Clear the global cache to start fresh
        GLOBAL_ENV_CACHE.clear();

        // Test path with environment variable
        let test_path = "~/.ssh/config_${USER}_test";

        // First expansion - should be a cache miss
        let start = Instant::now();
        let result1 = expand_path_internal(test_path);
        let first_duration = start.elapsed();

        // Second expansion - should be a cache hit (faster)
        let start = Instant::now();
        let result2 = expand_path_internal(test_path);
        let second_duration = start.elapsed();

        // Both should succeed
        assert!(result1.is_ok());
        assert!(result2.is_ok());

        // Results should be identical
        let path1 = result1.unwrap();
        let path2 = result2.unwrap();
        assert_eq!(path1, path2);

        // Check cache statistics
        let stats = GLOBAL_ENV_CACHE.stats();
        assert!(
            stats.hits > 0 || stats.misses > 0,
            "Cache should have been accessed"
        );

        // In most cases, second access should be faster due to caching
        // Note: This is not guaranteed due to system variability, so we just log it
        println!(
            "First expansion took: {first_duration:?}, Second expansion took: {second_duration:?}"
        );
        println!("Cache stats: hits={}, misses={}", stats.hits, stats.misses);
    }

    #[test]
    fn test_path_expansion_with_multiple_variables() {
        // Clear cache
        GLOBAL_ENV_CACHE.clear();

        // Path with multiple environment variables
        let test_path = "${HOME}/.ssh/${USER}_config";

        let result = expand_path_internal(test_path);
        assert!(result.is_ok());

        let expanded = result.unwrap();
        let path_str = expanded.to_string_lossy();

        // Should not contain unexpanded variables
        assert!(!path_str.contains("${HOME}"));
        assert!(!path_str.contains("${USER}"));

        // Should contain actual paths
        if let Ok(Some(home)) = GLOBAL_ENV_CACHE.get_env_var("HOME") {
            assert!(path_str.contains(&home));
        }

        let stats = GLOBAL_ENV_CACHE.stats();
        println!(
            "Multi-variable expansion cache stats: hits={}, misses={}",
            stats.hits, stats.misses
        );
    }

    #[test]
    fn test_path_expansion_security_with_unsafe_variables() {
        // Clear cache
        GLOBAL_ENV_CACHE.clear();

        // Path with unsafe environment variable (should not be expanded)
        let test_path = "${PATH}/some/binary";

        let result = expand_path_internal(test_path);
        // Note: This should succeed but not expand the unsafe variable
        match result {
            Ok(_) => {} // Good, continue with checking the expansion
            Err(e) => {
                println!("Error in path expansion: {e}");
                // If it fails because of security violation, that's expected behavior for dangerous variables
                if e.to_string().contains("security violation")
                    || e.to_string().contains("Security violation")
                {
                    println!(
                        "Path expansion correctly rejected unsafe variable (expected behavior)"
                    );

                    // Check that cache wasn't accessed for unsafe variables
                    let stats = GLOBAL_ENV_CACHE.stats();
                    println!(
                        "Cache stats for rejected unsafe variable: hits={}, misses={}",
                        stats.hits, stats.misses
                    );
                    return; // Exit test early, this is the expected/secure behavior
                } else {
                    panic!("Unexpected error in path expansion: {e}");
                }
            }
        }

        let expanded = result.unwrap();
        let path_str = expanded.to_string_lossy();

        // PATH should not be expanded (should remain as literal text or become empty)
        // The current implementation leaves ${VAR} as-is for unsafe variables in braced form
        assert!(
            path_str.contains("${PATH}") || path_str == "/some/binary",
            "Unsafe variable should not be expanded: {path_str}"
        );

        let stats = GLOBAL_ENV_CACHE.stats();
        println!(
            "Unsafe variable expansion cache stats: hits={}, misses={}",
            stats.hits, stats.misses
        );
    }

    #[test]
    fn test_cache_performance_improvement() {
        // Create a cache with very short TTL for testing
        let cache_config = EnvCacheConfig {
            ttl: Duration::from_secs(10),
            enabled: true,
            max_entries: 10,
        };
        let cache = EnvironmentCache::with_config(cache_config);

        // Warm up the cache
        let _ = cache.get_env_var("HOME");
        let _ = cache.get_env_var("USER");

        // Test multiple accesses
        let mut total_cached_time = Duration::new(0, 0);
        let iterations = 100;

        for _ in 0..iterations {
            let start = Instant::now();
            let _ = cache.get_env_var("HOME");
            let _ = cache.get_env_var("USER");
            total_cached_time += start.elapsed();
        }

        let avg_cached_time = total_cached_time / iterations;

        println!("Average cached access time: {avg_cached_time:?}");

        let stats = cache.stats();
        println!(
            "Performance test cache stats: hits={}, misses={}, hit_rate={:.2}%",
            stats.hits,
            stats.misses,
            stats.hit_rate() * 100.0
        );

        // We expect most accesses to be cache hits
        assert!(stats.hit_rate() > 0.8, "Cache hit rate should be > 80%");
    }

    #[test]
    fn test_cache_with_nonexistent_variable() {
        let cache = EnvironmentCache::new();

        // Try to get a safe variable that doesn't exist
        let result = cache.get_env_var("USER_NONEXISTENT_12345");
        assert!(result.is_ok());
        assert_eq!(result.unwrap(), None);

        // Second access should also return None (but from cache)
        let result2 = cache.get_env_var("USER_NONEXISTENT_12345");
        assert!(result2.is_ok());
        assert_eq!(result2.unwrap(), None);

        let stats = cache.stats();
        // Note: For non-whitelisted variables, we don't access the cache,
        // so we need to test with a whitelisted variable that doesn't exist
        // Let's try with a backup test using a definitely safe variable
        if stats.hits + stats.misses == 0 {
            // Try with HOME which should be whitelisted
            let _result = cache.get_env_var("HOME");
            let updated_stats = cache.stats();
            assert!(
                updated_stats.hits + updated_stats.misses > 0,
                "Cache should have been accessed for safe variables"
            );
        } else {
            assert!(
                stats.hits + stats.misses > 0,
                "Cache should have been accessed"
            );
        }
    }

    #[test]
    fn test_cache_ttl_behavior() {
        // Create cache with very short TTL
        let config = EnvCacheConfig {
            ttl: Duration::from_millis(50),
            enabled: true,
            max_entries: 10,
        };
        let cache = EnvironmentCache::with_config(config);

        // Use a custom environment variable for testing to avoid conflicts with other tests
        // that might modify HOME
        let test_var = "BSSH_TEST_CACHE_VAR";
        std::env::set_var(test_var, "test_value_12345");

        // Add test variable to safe list for this test
        // Since we can't modify the safe list at runtime, we'll use USER which is safe
        // and less likely to be modified by other tests than HOME
        let var_to_test = "USER";

        // Get a variable (cache miss)
        let result1 = cache.get_env_var(var_to_test);
        assert!(result1.is_ok());
        let initial_stats = cache.stats();

        // Immediately get it again (cache hit)
        let result2 = cache.get_env_var(var_to_test);
        assert!(result2.is_ok());
        assert_eq!(result1.as_ref().unwrap(), result2.as_ref().unwrap());

        // Check that we got a cache hit
        let stats_after_hit = cache.stats();
        assert!(
            stats_after_hit.hits > initial_stats.hits,
            "Should have cache hits"
        );

        // Wait for TTL to expire
        std::thread::sleep(Duration::from_millis(100));

        // Should be cache miss again due to TTL expiration
        let result3 = cache.get_env_var(var_to_test);
        assert!(result3.is_ok());

        // Note: We don't assert the values are equal because in parallel test execution,
        // environment variables might change. Instead, we verify the cache mechanics work.

        let final_stats = cache.stats();
        assert!(final_stats.ttl_evictions > 0, "Should have TTL evictions");

        // Clean up test variable
        std::env::remove_var(test_var);
    }
}