From 9065c4daee77f7c59a2d6c2cbb29736d715f4d95 Mon Sep 17 00:00:00 2001 From: Sean Owen Date: Tue, 24 Jul 2018 08:20:41 -0500 Subject: [PATCH] Improve DoS test case to be more robust to timing --- .../com/google/zxing/web/DoSTrackerTestCase.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/zxingorg/src/test/java/com/google/zxing/web/DoSTrackerTestCase.java b/zxingorg/src/test/java/com/google/zxing/web/DoSTrackerTestCase.java index 95a87d1f2..b16800121 100644 --- a/zxingorg/src/test/java/com/google/zxing/web/DoSTrackerTestCase.java +++ b/zxingorg/src/test/java/com/google/zxing/web/DoSTrackerTestCase.java @@ -31,26 +31,30 @@ public final class DoSTrackerTestCase extends Assert { Timer timer = new Timer(); long timerTimeMS = 200; DoSTracker tracker = new DoSTracker(timer, 2, timerTimeMS, 3); + + // 2 requests allowed per time; 3rd should be banned assertFalse(tracker.isBanned("A")); assertFalse(tracker.isBanned("A")); assertTrue(tracker.isBanned("A")); + // After max 3 others are tracked, A should be reset/evicted and un-ban assertFalse(tracker.isBanned("B")); assertFalse(tracker.isBanned("C")); assertFalse(tracker.isBanned("D")); assertFalse(tracker.isBanned("A")); + // After building up a ban again, and letting plenty of time elapse, should un-ban assertFalse(tracker.isBanned("A")); assertTrue(tracker.isBanned("A")); Thread.sleep(timerTimeMS * 3); assertFalse(tracker.isBanned("A")); assertFalse(tracker.isBanned("A")); - assertTrue(tracker.isBanned("A")); - assertTrue(tracker.isBanned("A")); - assertTrue(tracker.isBanned("A")); - assertTrue(tracker.isBanned("A")); - assertTrue(tracker.isBanned("A")); + // Build up a lot of hits + for (int i = 0; i < 10; i++) { + assertTrue(tracker.isBanned("A")); + } + // After one interval, should still have enough hits to be banned Thread.sleep(timerTimeMS * 2); assertTrue(tracker.isBanned("A")); }