dist_agent_lang 1.0.21

Agentic programming with library and CLI support for Off/On-chain network integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

// Security Integration Tests
// Tests for security middleware and FFI security integration

use dist_agent_lang::ffi::security::{FFIInputValidator, FFIResourceLimits};
use dist_agent_lang::http_server_security::{
    InputValidator, RateLimiter, RequestSizeLimiter, SecurityLogger,
};
use std::net::IpAddr;

/// Test: Rate limiter should reject excessive requests
#[tokio::test]
async fn test_rate_limiter_rejects_excessive_requests() {
    let limiter = RateLimiter::new(5, 60); // 5 requests per minute
    let ip: IpAddr = "127.0.0.1".parse().unwrap();

    // Make 5 requests - should all succeed
    for _ in 0..5 {
        assert!(limiter.check_rate_limit(ip).await.is_ok());
    }

    // 6th request should fail
    assert!(limiter.check_rate_limit(ip).await.is_err());
}

/// Test: Request size limiter should reject oversized requests
#[test]
fn test_request_size_limiter() {
    use axum::http::HeaderMap;

    let limiter = RequestSizeLimiter::default();

    // Valid request
    let mut headers = HeaderMap::new();
    headers.insert("Content-Length", "1000".parse().unwrap());
    assert!(limiter.validate_request(&headers, 1000, 100).is_ok());

    // Oversized body
    assert!(limiter.validate_request(&headers, 2_000_000, 100).is_err());

    // Oversized URL
    assert!(limiter.validate_request(&headers, 1000, 3_000).is_err());
}

/// Test: Input validator should reject SQL injection patterns
#[test]
fn test_input_validator_sql_injection() {
    let sql_injections = vec![
        "'; DROP TABLE users; --",
        "\"; DELETE FROM users; --",
        "admin' OR '1'='1",
        "'; EXEC xp_cmdshell('dir'); --",
    ];

    for injection in sql_injections {
        assert!(InputValidator::validate_string(injection, 1000).is_err());
    }
}

/// Test: Input validator should reject XSS patterns
#[test]
fn test_input_validator_xss() {
    let xss_patterns = vec![
        "<script>alert('XSS')</script>",
        "javascript:alert('XSS')",
        "<img src=x onerror=alert('XSS')>",
        "eval('malicious code')",
    ];

    for pattern in xss_patterns {
        assert!(InputValidator::validate_string(pattern, 1000).is_err());
    }
}

/// Test: Input validator should accept valid addresses
#[test]
fn test_input_validator_address() {
    // Valid Ethereum address: 0x + 40 hex chars = 42 total chars
    let valid_address = "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0";
    assert!(InputValidator::validate_address(valid_address).is_ok());

    let invalid_addresses = vec![
        "0x123",                                      // Too short
        "742d35Cc6634C0532925a3b844Bc9e7595f0bEb",    // Missing 0x
        "0xGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG", // Invalid hex
    ];

    for addr in invalid_addresses {
        assert!(InputValidator::validate_address(addr).is_err());
    }
}

/// Test: FFI input validator should reject oversized inputs
#[test]
fn test_ffi_input_validator_size() {
    let limits = FFIResourceLimits::default();

    // Valid input
    let valid_input = "x".repeat(1_000_000);
    assert!(FFIInputValidator::validate_source(&valid_input, &limits).is_ok());

    // Oversized input
    let oversized_input = "x".repeat(11_000_000);
    assert!(FFIInputValidator::validate_source(&oversized_input, &limits).is_err());
}

/// Test: FFI input validator should reject null bytes
#[test]
fn test_ffi_input_validator_null_bytes() {
    let limits = FFIResourceLimits::default();
    let input_with_null = "valid code\0malicious code";

    assert!(FFIInputValidator::validate_source(input_with_null, &limits).is_err());
}

/// Test: FFI input validator should reject extremely long lines
#[test]
fn test_ffi_input_validator_long_lines() {
    let limits = FFIResourceLimits::default();
    let long_line = "x".repeat(2_000_000);

    assert!(FFIInputValidator::validate_source(&long_line, &limits).is_err());
}

/// Test: Security logger should log events
#[test]
fn test_security_logger() {
    // This test just verifies the logger doesn't panic
    SecurityLogger::log_event("TEST", "Test event", Some("127.0.0.1"));
    SecurityLogger::log_rate_limit("127.0.0.1");
    SecurityLogger::log_auth_failure("127.0.0.1", "Invalid token");
    SecurityLogger::log_invalid_input("127.0.0.1", "SQL injection attempt");
}

/// Test: Input sanitization should remove dangerous characters
#[test]
fn test_input_sanitization() {
    let dangerous = "test<script>alert('xss')</script>test";
    let sanitized = InputValidator::sanitize_string(dangerous);

    // Should remove script tags
    assert!(!sanitized.contains("<script>"));
}

/// Test: FFI input sanitization should remove null bytes
#[test]
fn test_ffi_input_sanitization() {
    let with_null = "test\0null\0bytes";
    let sanitized = FFIInputValidator::sanitize_string(with_null);

    assert!(!sanitized.contains('\0'));
    assert_eq!(sanitized, "testnullbytes");
}