2022-01-20 23:46:13 +00:00
|
|
|
package middlewares
|
|
|
|
|
|
|
|
import (
|
2023-03-01 23:38:56 +00:00
|
|
|
"fmt"
|
2022-01-20 23:46:13 +00:00
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestTimingAttackDelayAverages(t *testing.T) {
|
2023-03-01 23:38:56 +00:00
|
|
|
delayer := NewTimingAttackDelayer("test", time.Second, time.Millisecond*250, time.Millisecond*85, 10)
|
|
|
|
// func movingAverageIteration(value time.Duration, history int, successful bool, cursor *int, movingAvg *[]time.Duration, mutex sync.Locker) f
|
|
|
|
|
|
|
|
expected := float64(1000)
|
|
|
|
|
|
|
|
elapsedDurations := []time.Duration{
|
|
|
|
time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500,
|
|
|
|
time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500,
|
2022-01-20 23:46:13 +00:00
|
|
|
time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500,
|
|
|
|
time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500,
|
|
|
|
time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500, time.Millisecond * 500,
|
|
|
|
}
|
|
|
|
|
2023-03-01 23:38:56 +00:00
|
|
|
// Execute at 500ms.
|
|
|
|
for i, have := range elapsedDurations {
|
|
|
|
t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
|
|
|
|
if i == 0 {
|
|
|
|
assert.Equal(t, expected, delayer.avg(have, false))
|
|
|
|
} else {
|
|
|
|
assert.Equal(t, expected, delayer.avg(have, true))
|
2022-01-20 23:46:13 +00:00
|
|
|
|
2023-03-01 23:38:56 +00:00
|
|
|
// Should not dip below 500, and should decrease in value by 50 each iteration where it was successful.
|
|
|
|
if expected > 500 {
|
|
|
|
expected -= 50
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
2022-01-20 23:46:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestTimingAttackDelayCalculations(t *testing.T) {
|
2023-03-01 23:38:56 +00:00
|
|
|
min := time.Millisecond * 250
|
|
|
|
max := time.Millisecond * 85
|
|
|
|
avg := time.Second
|
|
|
|
|
|
|
|
delayer := NewTimingAttackDelayer("test", avg, min, max, 10)
|
|
|
|
elapsed := 500 * time.Millisecond
|
|
|
|
|
|
|
|
expectedMin := avg - elapsed
|
2022-01-20 23:46:13 +00:00
|
|
|
|
|
|
|
for i := 0; i < 100; i++ {
|
2023-03-01 23:38:56 +00:00
|
|
|
delay := delayer.actual(elapsed, delayer.avg(elapsed, false), false)
|
|
|
|
assert.GreaterOrEqual(t, delay, expectedMin)
|
|
|
|
assert.LessOrEqual(t, delay, expectedMin+max)
|
2022-01-20 23:46:13 +00:00
|
|
|
}
|
|
|
|
|
2023-03-01 23:38:56 +00:00
|
|
|
elapsed = time.Millisecond * 5
|
|
|
|
avg = time.Millisecond * 5
|
|
|
|
|
|
|
|
expectedMin = min - elapsed
|
|
|
|
|
|
|
|
delayer = NewTimingAttackDelayer("test", avg, min, max, 10)
|
2022-01-20 23:46:13 +00:00
|
|
|
|
|
|
|
for i := 0; i < 100; i++ {
|
2023-03-01 23:38:56 +00:00
|
|
|
delay := delayer.actual(elapsed, delayer.avg(elapsed, false), false)
|
|
|
|
assert.GreaterOrEqual(t, delay, expectedMin)
|
|
|
|
assert.LessOrEqual(t, delay, expectedMin+max)
|
2022-01-20 23:46:13 +00:00
|
|
|
}
|
|
|
|
}
|
2023-03-01 23:38:56 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
*/
|