Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Header Value Too Many Content Type ITs #1505

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix Header Value Too Many Content Type ITs #1505

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
104433b
feat: try using thread safe Invocation.Builder
MiguelAHM Aug 6, 2024
bf5175a
Merge branch 'master' into fix-HeaderValue-Too-many-Content-Type
eshryane Aug 6, 2024
cd68cb0
Merge branch 'master' into fix-HeaderValue-Too-many-Content-Type
eshryane Aug 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 21 additions & 12 deletions whois-api/src/test/java/net/ripe/db/whois/api/rest/WhoisRestServiceDoSTestIntegration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,12 +182,14 @@ public void multiple_updates_per_second_then_429_too_many_requests() throws Inte
.post(Entity.entity(map(person), MediaType.APPLICATION_XML));
assertThat(HttpStatus.OK_200, is(response.getStatus()));

final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?clientIp=10.20.30.40&password=test").request();

// Simulate a DoS attack by sending many PUT requests in a short time
final Map<Integer, Integer> responsesCodesCount = IntStream.range(0, Integer.parseInt(dosUpdatesMaxSecs))
.mapToObj(updateCount -> updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)))
.map(Response::getStatus)
.mapToObj(updateCount -> {
final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?clientIp=10.20.30.40&password=test")
.request(MediaType.APPLICATION_XML);

return updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)).getStatus();
})
.collect(Collectors.groupingBy(
Function.identity(),
Collectors.collectingAndThen(
Expand All @@ -202,7 +204,9 @@ public void multiple_updates_per_second_then_429_too_many_requests() throws Inte
TimeUnit.SECONDS.sleep(SECONDS_NEEDED_TO_FREE_IP); // Free the IP after one second

//After a second, the user can perform more requests
final Response unLockedResponse = updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML));
final Response unLockedResponse = RestTest.target(getPort(), "whois/test/person/PP1-TEST?clientIp=10.20.30.40&password=test")
.request(MediaType.APPLICATION_XML)
.put(Entity.entity(map(person), MediaType.APPLICATION_XML));
assertThat(HttpStatus.OK_200, is(unLockedResponse.getStatus()));
}

Expand All @@ -223,13 +227,15 @@ public void multiple_async_updates_per_second_then_429_too_many_requests() throw
.post(Entity.entity(map(person), MediaType.APPLICATION_XML));
assertThat(HttpStatus.OK_200, is(response.getStatus()));

final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?clientIp=10.20.30.40&password=test").request();

// Simulate a DoS attack by sending many PUT requests in a short time asynchronously
final Map<Integer, Integer> responsesCodesCount = IntStream.range(0, Integer.parseInt(dosUpdatesMaxSecs))
.parallel()
.mapToObj(updateCount -> updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)))
.map(Response::getStatus)
.mapToObj(updateCount -> {
final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?clientIp=10.20.30.40&password=test")
.request(MediaType.APPLICATION_XML);

return updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)).getStatus();
})
.collect(Collectors.groupingBy(
Function.identity(),
Collectors.collectingAndThen(
Expand Down Expand Up @@ -268,12 +274,15 @@ public void multiple_updates_per_second_but_white_list_IP_then_200() {
.post(Entity.entity(map(person), MediaType.APPLICATION_XML));
assertThat(HttpStatus.OK_200, is(response.getStatus()));

final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?password=test").request();

// Simulate a DoS attack by sending many PUT requests in a short time
final Map<Integer, Integer> responsesCodesCount = IntStream.range(0, Integer.parseInt(dosUpdatesMaxSecs))
.mapToObj(updateCount -> updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)))
.map(Response::getStatus)
.mapToObj(updateCount -> {
final Invocation.Builder updateRequest = RestTest.target(getPort(), "whois/test/person/PP1-TEST?password=test")
.request(MediaType.APPLICATION_XML);

return updateRequest.put(Entity.entity(map(person), MediaType.APPLICATION_XML)).getStatus();
})
.collect(Collectors.groupingBy(
Function.identity(),
Collectors.collectingAndThen(
Expand Down