coapum 0.2.0

A modern, ergonomic CoAP (Constrained Application Protocol) library for Rust with support for DTLS, observers, and asynchronous handlers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373

//! Security-focused tests for the coapum CoAP library
//!
//! These tests validate security measures including payload size limits,
//! path validation, connection management, and injection attack prevention.

use coapum::{
    CoapRequest, ContentFormat, Packet,
    extract::{Cbor, FromRequest, Json},
    observer::memory::MemObserver,
    router::RouterBuilder,
};
use serde::{Deserialize, Serialize};
use std::net::{Ipv4Addr, SocketAddr, SocketAddrV4};

#[derive(Debug, Clone, Serialize, Deserialize)]
struct TestPayload {
    data: String,
}

fn create_test_request_with_payload(payload: Vec<u8>) -> coapum::router::CoapumRequest<SocketAddr> {
    let mut request = CoapRequest::from_packet(
        Packet::new(),
        SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 0)),
    );
    request.message.payload = payload;
    request.into()
}

mod payload_security_tests {
    use super::*;

    #[tokio::test]
    async fn test_cbor_payload_at_size_limit() {
        // Create payload exactly at CBOR size limit (8192 bytes)
        let large_string = "A".repeat(8000); // Leave room for CBOR encoding overhead
        let test_data = TestPayload { data: large_string };

        let mut buffer = Vec::new();
        ciborium::ser::into_writer(&test_data, &mut buffer).unwrap();

        // Ensure we're at or near the limit but not over
        assert!(
            buffer.len() <= 8192,
            "Test payload should be within CBOR limit"
        );

        let mut req = create_test_request_with_payload(buffer);
        req.message
            .set_content_format(ContentFormat::ApplicationCBOR);

        let result = Cbor::<TestPayload>::from_request(&req, &()).await;
        assert!(result.is_ok(), "Should accept payload at size limit");
    }

    #[tokio::test]
    async fn test_cbor_payload_exceeds_size_limit() {
        // Create payload that exceeds CBOR size limit (8192 bytes)
        let oversized_payload = vec![0u8; 8193]; // 1 byte over limit

        let mut req = create_test_request_with_payload(oversized_payload);
        req.message
            .set_content_format(ContentFormat::ApplicationCBOR);

        let result = Cbor::<TestPayload>::from_request(&req, &()).await;
        assert!(result.is_err(), "Should reject payload over size limit");

        let error = result.unwrap_err();
        assert!(error.to_string().contains("Payload too large"));
    }

    #[tokio::test]
    async fn test_json_payload_at_size_limit() {
        // Create JSON payload at size limit (1MB)
        let large_string = "A".repeat(1_048_500); // Leave room for JSON structure
        let test_data = TestPayload { data: large_string };

        let payload = serde_json::to_vec(&test_data).unwrap();
        assert!(
            payload.len() <= 1_048_576,
            "Test payload should be within JSON limit"
        );

        let mut req = create_test_request_with_payload(payload);
        req.message
            .set_content_format(ContentFormat::ApplicationJSON);

        let result = Json::<TestPayload>::from_request(&req, &()).await;
        assert!(result.is_ok(), "Should accept JSON payload at size limit");
    }

    #[tokio::test]
    async fn test_json_payload_exceeds_size_limit() {
        // Create payload that exceeds JSON size limit (1MB)
        let oversized_payload = vec![0u8; 1_048_577]; // 1 byte over limit

        let mut req = create_test_request_with_payload(oversized_payload);
        req.message
            .set_content_format(ContentFormat::ApplicationJSON);

        let result = Json::<TestPayload>::from_request(&req, &()).await;
        assert!(
            result.is_err(),
            "Should reject JSON payload over size limit"
        );

        let error = result.unwrap_err();
        assert!(error.to_string().contains("Payload too large"));
    }

    #[tokio::test]
    async fn test_empty_payload_rejection() {
        let empty_payload = vec![];

        // Test CBOR empty payload
        let mut req = create_test_request_with_payload(empty_payload.clone());
        req.message
            .set_content_format(ContentFormat::ApplicationCBOR);

        let cbor_result = Cbor::<TestPayload>::from_request(&req, &()).await;
        assert!(cbor_result.is_err(), "CBOR should reject empty payload");
        assert!(
            cbor_result
                .unwrap_err()
                .to_string()
                .contains("Empty payload")
        );

        // Test JSON empty payload
        let mut req = create_test_request_with_payload(empty_payload);
        req.message
            .set_content_format(ContentFormat::ApplicationJSON);

        let json_result = Json::<TestPayload>::from_request(&req, &()).await;
        assert!(json_result.is_err(), "JSON should reject empty payload");
        assert!(
            json_result
                .unwrap_err()
                .to_string()
                .contains("Empty payload")
        );
    }

    #[tokio::test]
    async fn test_content_type_validation() {
        let test_data = TestPayload {
            data: "test".to_string(),
        };
        let payload = serde_json::to_vec(&test_data).unwrap();

        // Try to extract CBOR from JSON payload (wrong content type)
        let mut req = create_test_request_with_payload(payload);
        req.message
            .set_content_format(ContentFormat::ApplicationJSON);

        let result = Cbor::<TestPayload>::from_request(&req, &()).await;
        assert!(result.is_err(), "Should reject wrong content type");
        assert!(
            result
                .unwrap_err()
                .to_string()
                .contains("Expected CBOR content type")
        );
    }
}

mod path_validation_security_tests {

    // Note: validate_observer_path is a private function in serve.rs
    // These tests document expected behavior but can't test the function directly
    #[test]
    fn test_path_traversal_prevention_documentation() {
        // Test various path traversal attempts that should be rejected
        let traversal_attempts = vec![
            "../secrets",
            "data/../../../etc/passwd",
            "./../../config",
            "/data/../admin",
            "normal/../../../../../root",
            "data\\..\\windows\\system32",
        ];

        for malicious_path in traversal_attempts {
            // Document that these should be rejected by validate_observer_path
            assert!(
                malicious_path.contains("..")
                    || malicious_path.contains("./")
                    || malicious_path.contains("\\"),
                "Path {} contains dangerous patterns that should be rejected",
                malicious_path
            );
        }
    }

    #[test]
    fn test_invalid_characters_documentation() {
        let invalid_paths = vec![
            "/data/sensor@1",
            "/api/user#123",
            "/device/temp$",
            "/path with spaces",
            "/データ/センサー", // Unicode characters
            "/api/user;rm -rf /",
            "/data\x00null",
            "/path\r\ninjection",
        ];

        for invalid_path in invalid_paths {
            // Document that these contain invalid characters
            let has_invalid = !invalid_path
                .chars()
                .all(|c| c == '/' || c.is_ascii_alphanumeric() || c == '_' || c == '-');
            assert!(
                has_invalid,
                "Path {} should contain invalid characters",
                invalid_path
            );
        }
    }

    #[test]
    fn test_valid_path_patterns() {
        let valid_paths = vec![
            "/api/sensors",
            "/device_123/temperature",
            "/data-source/readings",
            "/sensors/device_1/temp",
        ];

        for valid_path in valid_paths {
            // Test that these paths contain only valid characters
            let components: Vec<&str> = valid_path.split('/').filter(|s| !s.is_empty()).collect();

            for component in &components {
                assert!(
                    component
                        .chars()
                        .all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-'),
                    "Component '{}' should contain only valid characters",
                    component
                );
            }

            // Test path depth (should be reasonable)
            assert!(
                components.len() <= 10,
                "Path {} should not be too deep (max 10 components)",
                valid_path
            );
        }
    }
}

mod connection_security_tests {

    #[test]
    fn test_identity_sanitization() {
        // These tests would need access to the identity sanitization logic in serve.rs
        // For now, we document the expected behavior

        let test_cases = vec![
            ("normal_client", true),
            ("client-123", true),
            ("client.domain.com", true),
            ("", false),                         // Empty should be rejected
            ("client@domain", false),            // @ should be filtered out
            ("client;DROP TABLE users;", false), // SQL injection attempt
            ("client\x00null", false),           // Null byte injection
            ("", false),                         // Empty should be rejected
        ];

        // This test documents expected behavior - actual implementation would need
        // the identity sanitization function extracted for unit testing
        for (identity, should_be_valid) in test_cases {
            // In real implementation, this would test the sanitization function
            assert!(
                identity.len() <= 256,
                "Identity length validation: {}",
                identity
            );

            if should_be_valid {
                assert!(
                    identity
                        .chars()
                        .all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-' || c == '.'),
                    "Identity should contain only safe characters: {}",
                    identity
                );
            }
        }
    }
}

mod integration_security_tests {
    use super::*;
    use tower::Service;

    // Handler that always returns success for testing
    async fn dummy_handler() -> coapum::extract::StatusCode {
        coapum::extract::StatusCode::Content
    }

    #[tokio::test]
    async fn test_router_security_with_malicious_paths() {
        let observer = MemObserver::new();
        let mut router = RouterBuilder::new((), observer)
            .get("/api/data", dummy_handler)
            .build();

        // Test that malicious paths don't crash the router
        let malicious_paths = vec![
            "/../../../etc/passwd",
            "/api/../admin",
            "/data\x00injection",
            "/very/deep/path/that/exceeds/normal/limits/component/component/component/component",
        ];

        for malicious_path in malicious_paths {
            let mut request = CoapRequest::from_packet(
                Packet::new(),
                SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 0)),
            );
            request.set_path(malicious_path);

            let request: coapum::router::CoapumRequest<SocketAddr> = request.into();

            // Router should handle malicious paths gracefully (not panic)
            let result = router.call(request).await;
            // We don't care about the specific response, just that it doesn't crash
            assert!(
                result.is_ok() || result.is_err(),
                "Router should handle malicious paths gracefully"
            );
        }
    }

    #[tokio::test]
    async fn test_concurrent_security_requests() {
        let observer = MemObserver::new();
        let router = RouterBuilder::new((), observer)
            .get("/api/test", dummy_handler)
            .build();

        // Test concurrent requests with various payloads
        let mut handles = vec![];

        for i in 0..5 {
            // Reduced to 5 for faster testing
            let router_clone = router.clone();
            let handle = tokio::spawn(async move {
                let oversized_payload = vec![0u8; 1_000]; // Smaller payload for testing

                let mut request = CoapRequest::from_packet(
                    Packet::new(),
                    SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 8000 + i)),
                );
                request.set_path("/api/test");
                request.message.payload = oversized_payload;

                let request: coapum::router::CoapumRequest<SocketAddr> = request.into();
                let mut router_mut = router_clone;
                router_mut.call(request).await
            });
            handles.push(handle);
        }

        // Wait for all concurrent requests
        for handle in handles {
            let result = handle.await;
            assert!(result.is_ok(), "Concurrent request task should complete");
        }
    }
}