Add comprehensive security tests for quota management and relay functionality

- Introduced `relay_dual_lock_race_harness_security_tests.rs` to validate user liveness during lock hold and release cycles. - Added `relay_quota_extended_attack_surface_security_tests.rs` to cover various quota scenarios including positive, negative, edge cases, and adversarial conditions. - Implemented `relay_quota_lock_eviction_lifecycle_tdd_tests.rs` to ensure proper eviction of stale entries and lifecycle management of quota locks. - Created `relay_quota_lock_eviction_stress_security_tests.rs` to stress test the eviction mechanism under high churn conditions. - Enhanced `relay_quota_lock_pressure_adversarial_tests.rs` to verify reclaiming of unreferenced entries after explicit eviction. - Developed `relay_quota_retry_allocation_latency_security_tests.rs` to benchmark and validate latency and allocation behavior under contention.
2026-06-20 02:00:09 +07:00 · 2026-03-23 12:04:41 +04:00
parent 91be148b72
commit 6f17d4d231
42 changed files with 6774 additions and 178 deletions
@@ -12,71 +12,77 @@ fn closed_local_port() -> u16 {
    port
 }

-#[test]
-fn self_target_detection_matches_literal_ipv4_listener() {
+#[tokio::test]
+async fn self_target_detection_matches_literal_ipv4_listener() {
    let local: SocketAddr = "198.51.100.40:443".parse().unwrap();
-    assert!(is_mask_target_local_listener(
+    assert!(is_mask_target_local_listener_async(
        "198.51.100.40",
        443,
        local,
        None,
-    ));
+    )
+    .await);
 }

-#[test]
-fn self_target_detection_matches_bracketed_ipv6_listener() {
+#[tokio::test]
+async fn self_target_detection_matches_bracketed_ipv6_listener() {
    let local: SocketAddr = "[2001:db8::44]:8443".parse().unwrap();
-    assert!(is_mask_target_local_listener(
+    assert!(is_mask_target_local_listener_async(
        "[2001:db8::44]",
        8443,
        local,
        None,
-    ));
+    )
+    .await);
 }

-#[test]
-fn self_target_detection_keeps_same_ip_different_port_forwardable() {
+#[tokio::test]
+async fn self_target_detection_keeps_same_ip_different_port_forwardable() {
    let local: SocketAddr = "203.0.113.44:443".parse().unwrap();
-    assert!(!is_mask_target_local_listener(
+    assert!(!is_mask_target_local_listener_async(
        "203.0.113.44",
        8443,
        local,
        None,
-    ));
+    )
+    .await);
 }

-#[test]
-fn self_target_detection_normalizes_ipv4_mapped_ipv6_literal() {
+#[tokio::test]
+async fn self_target_detection_normalizes_ipv4_mapped_ipv6_literal() {
    let local: SocketAddr = "127.0.0.1:443".parse().unwrap();
-    assert!(is_mask_target_local_listener(
+    assert!(is_mask_target_local_listener_async(
        "::ffff:127.0.0.1",
        443,
        local,
        None,
-    ));
+    )
+    .await);
 }

-#[test]
-fn self_target_detection_unspecified_bind_blocks_loopback_target() {
+#[tokio::test]
+async fn self_target_detection_unspecified_bind_blocks_loopback_target() {
    let local: SocketAddr = "0.0.0.0:443".parse().unwrap();
-    assert!(is_mask_target_local_listener(
+    assert!(is_mask_target_local_listener_async(
        "127.0.0.1",
        443,
        local,
        None,
-    ));
+    )
+    .await);
 }

-#[test]
-fn self_target_detection_unspecified_bind_keeps_remote_target_forwardable() {
+#[tokio::test]
+async fn self_target_detection_unspecified_bind_keeps_remote_target_forwardable() {
    let local: SocketAddr = "0.0.0.0:443".parse().unwrap();
    let remote: SocketAddr = "198.51.100.44:443".parse().unwrap();
-    assert!(!is_mask_target_local_listener(
+    assert!(!is_mask_target_local_listener_async(
        "mask.example",
        443,
        local,
        Some(remote),
-    ));
+    )
+    .await);
 }

 #[tokio::test]