laantungir/c-relay
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

v0.7.10 - Fixed api errors in accepting : in subscriptions

Browse Source
This commit is contained in:
Your Name
2025-10-12 10:31:03 -04:00
parent b27a56a296
commit 34bb1c34a2
27 changed files with 2293 additions and 403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@@ -32,9 +32,11 @@ $(BUILD_DIR):
mkdir -p $(BUILD_DIR) mkdir -p $(BUILD_DIR)
# Check if nostr_core_lib is built # Check if nostr_core_lib is built
# Explicitly specify NIPs to ensure NIP-44 (encryption) is included
# NIPs: 1 (basic), 6 (keys), 13 (PoW), 17 (DMs), 19 (bech32), 44 (encryption), 59 (gift wrap)
$(NOSTR_CORE_LIB): $(NOSTR_CORE_LIB):
@echo "Building nostr_core_lib..." @echo "Building nostr_core_lib with required NIPs (including NIP-44 for encryption)..."
cd nostr_core_lib && ./build.sh cd nostr_core_lib && ./build.sh --nips=1,6,13,17,19,44,59
# Update main.h version information (requires main.h to exist) # Update main.h version information (requires main.h to exist)
src/main.h: src/main.h:

12
api/index.js
View File

@@ -728,9 +728,15 @@
// Generate random subscription ID // Generate random subscription ID (avoiding colons which are rejected by relay)
function generateSubId() { function generateSubId() {
return Math.random().toString(36).substring(2, 15); // Use only alphanumeric characters, underscores, and hyphens
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-';
let result = '';
for (let i = 0; i < 12; i++) {
result += chars.charAt(Math.floor(Math.random() * chars.length));
}
return result;
} }
// Configuration subscription using nostr-tools SimplePool // Configuration subscription using nostr-tools SimplePool
@@ -766,7 +772,7 @@
console.log(`User pubkey ${userPubkey}`) console.log(`User pubkey ${userPubkey}`)
// Subscribe to kind 23457 events (admin response events), kind 4 (NIP-04 DMs), and kind 1059 (NIP-17 GiftWrap) // Subscribe to kind 23457 events (admin response events), kind 4 (NIP-04 DMs), and kind 1059 (NIP-17 GiftWrap)
const subscription = relayPool.subscribeMany([url], [{ const subscription = relayPool.subscribeMany([url], [{
since: Math.floor(Date.now() / 1000), since: Math.floor(Date.now() / 1000) - 5, // Look back 5 seconds to avoid race condition
kinds: [23457], kinds: [23457],
authors: [getRelayPubkey()], // Only listen to responses from the relay authors: [getRelayPubkey()], // Only listen to responses from the relay
"#p": [userPubkey], // Only responses directed to this user "#p": [userPubkey], // Only responses directed to this user

23
make_and_restart_relay.sh
View File

@@ -137,22 +137,15 @@ fi
# Handle database file cleanup for fresh start # Handle database file cleanup for fresh start
if [ "$PRESERVE_DATABASE" = false ]; then if [ "$PRESERVE_DATABASE" = false ]; then
if ls *.db >/dev/null 2>&1 || ls build/*.db >/dev/null 2>&1; then if ls *.db* >/dev/null 2>&1 || ls build/*.db* >/dev/null 2>&1; then
echo "Removing existing database files to trigger fresh key generation..." echo "Removing existing database files (including WAL/SHM) to trigger fresh key generation..."
rm -f *.db build/*.db rm -f *.db* build/*.db*
echo "✓ Database files removed - will generate new keys and database" echo "✓ Database files removed - will generate new keys and database"
else else
echo "No existing database found - will generate fresh setup" echo "No existing database found - will generate fresh setup"
fi fi
else else
echo "Preserving existing database files as requested" echo "Preserving existing database files (build process does not touch database files)"
# Back up database files before clean build
if ls build/*.db >/dev/null 2>&1; then
echo "Backing up existing database files..."
mkdir -p /tmp/relay_backup_$$
cp build/*.db* /tmp/relay_backup_$$/ 2>/dev/null || true
echo "Database files backed up to temporary location"
fi
fi fi
# Clean up legacy files that are no longer used # Clean up legacy files that are no longer used
@@ -174,14 +167,6 @@ if [ $? -ne 0 ]; then
exit 1 exit 1
fi fi
# Restore database files if preserving
if [ "$PRESERVE_DATABASE" = true ] && [ -d "/tmp/relay_backup_$$" ]; then
echo "Restoring preserved database files..."
cp /tmp/relay_backup_$$/*.db* build/ 2>/dev/null || true
rm -rf /tmp/relay_backup_$$
echo "Database files restored to build directory"
fi
# Check if build was successful # Check if build was successful
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR: Build failed. Cannot restart relay." echo "ERROR: Build failed. Cannot restart relay."

2
relay.pid
View File

@@ -1 +1 @@
786254 1425176

310
src/config.c
View File

@@ -222,6 +222,17 @@ static int refresh_unified_cache_from_table(void) {
return -1; return -1;
} }
// Log config table row count at start of refresh_unified_cache_from_table
sqlite3_stmt* count_stmt;
const char* count_sql = "SELECT COUNT(*) FROM config";
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] refresh_unified_cache_from_table: Config table row count at start: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
// Lock the cache for update (don't memset entire cache to avoid wiping relay_info) // Lock the cache for update (don't memset entire cache to avoid wiping relay_info)
pthread_mutex_lock(&g_unified_cache.cache_lock); pthread_mutex_lock(&g_unified_cache.cache_lock);
@@ -358,6 +369,15 @@ static int refresh_unified_cache_from_table(void) {
pthread_mutex_unlock(&g_unified_cache.cache_lock); pthread_mutex_unlock(&g_unified_cache.cache_lock);
// Log config table row count at end of refresh_unified_cache_from_table
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] refresh_unified_cache_from_table: Config table row count at end: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
return 0; return 0;
} }
@@ -414,9 +434,11 @@ char** find_existing_db_files(void) {
return NULL; return NULL;
} }
// Count .db files // Count .db files (excluding auxiliary files like .db-wal, .db-shm, .db-journal)
while ((entry = readdir(dir)) != NULL) { while ((entry = readdir(dir)) != NULL) {
if (strstr(entry->d_name, ".db") != NULL) { size_t len = strlen(entry->d_name);
// Only count files that end with exactly ".db" (not .db-wal, .db-shm, etc.)
if (len >= 3 && strcmp(entry->d_name + len - 3, ".db") == 0) {
count++; count++;
} }
} }
@@ -434,10 +456,12 @@ char** find_existing_db_files(void) {
return NULL; return NULL;
} }
// Store filenames // Store filenames (only files ending with exactly ".db")
int i = 0; int i = 0;
while ((entry = readdir(dir)) != NULL && i < count) { while ((entry = readdir(dir)) != NULL && i < count) {
if (strstr(entry->d_name, ".db") != NULL) { size_t len = strlen(entry->d_name);
// Only accept files that end with exactly ".db"
if (len >= 3 && strcmp(entry->d_name + len - 3, ".db") == 0) {
files[i] = malloc(strlen(entry->d_name) + 1); files[i] = malloc(strlen(entry->d_name) + 1);
if (files[i]) { if (files[i]) {
strcpy(files[i], entry->d_name); strcpy(files[i], entry->d_name);
@@ -1216,6 +1240,12 @@ int first_time_startup_sequence(const cli_options_t* cli_options) {
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0'; g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1); strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1);
g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0'; g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0';
// Mark cache as valid to prevent premature refresh from empty database
int cache_timeout = get_cache_timeout();
g_unified_cache.cache_expires = time(NULL) + cache_timeout;
g_unified_cache.cache_valid = 1;
pthread_mutex_unlock(&g_unified_cache.cache_lock); pthread_mutex_unlock(&g_unified_cache.cache_lock);
// 4. Create database with relay pubkey name // 4. Create database with relay pubkey name
@@ -1272,10 +1302,29 @@ int startup_existing_relay(const char* relay_pubkey) {
printf(" Relay pubkey: %s\n", relay_pubkey); printf(" Relay pubkey: %s\n", relay_pubkey);
// Log config table row count at start of startup_existing_relay
if (g_db) {
sqlite3_stmt* count_stmt;
const char* count_sql = "SELECT COUNT(*) FROM config";
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] startup_existing_relay: Config table row count at start: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
}
// Store relay pubkey in unified cache // Store relay pubkey in unified cache
pthread_mutex_lock(&g_unified_cache.cache_lock); pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1); strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1);
g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0'; g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0';
// Mark cache as valid to prevent premature refresh from database before it's initialized
int cache_timeout = get_cache_timeout();
g_unified_cache.cache_expires = time(NULL) + cache_timeout;
g_unified_cache.cache_valid = 1;
pthread_mutex_unlock(&g_unified_cache.cache_lock); pthread_mutex_unlock(&g_unified_cache.cache_lock);
// Set database path // Set database path
@@ -1289,14 +1338,21 @@ int startup_existing_relay(const char* relay_pubkey) {
g_database_path[sizeof(g_database_path) - 1] = '\0'; g_database_path[sizeof(g_database_path) - 1] = '\0';
free(db_name); free(db_name);
// Ensure default configuration values are populated (for any missing keys) // NOTE: admin_pubkey will be loaded from config table after database initialization
if (populate_default_config_values() != 0) { // in main.c by calling add_pubkeys_to_config_table() which handles migration
log_warning("Failed to populate default config values for existing relay - continuing");
}
// Configuration will be migrated from events to table after database initialization // Log config table row count at end of startup_existing_relay
// Load configuration event from database (after database is initialized) if (g_db) {
// This will be done in apply_configuration_from_database() sqlite3_stmt* count_stmt;
const char* count_sql = "SELECT COUNT(*) FROM config";
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] startup_existing_relay: Config table row count at end: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
}
return 0; return 0;
} }
@@ -2011,7 +2067,9 @@ int handle_configuration_event(cJSON* event, char* error_message, size_t error_s
// Get value from config table // Get value from config table
const char* get_config_value_from_table(const char* key) { const char* get_config_value_from_table(const char* key) {
if (!g_db || !key) return NULL; if (!g_db || !key) {
return NULL;
}
const char* sql = "SELECT value FROM config WHERE key = ?"; const char* sql = "SELECT value FROM config WHERE key = ?";
@@ -2025,7 +2083,9 @@ const char* get_config_value_from_table(const char* key) {
const char* result = NULL; const char* result = NULL;
if (sqlite3_step(stmt) == SQLITE_ROW) { int step_rc = sqlite3_step(stmt);
if (step_rc == SQLITE_ROW) {
const char* value = (char*)sqlite3_column_text(stmt, 0); const char* value = (char*)sqlite3_column_text(stmt, 0);
if (value) { if (value) {
// Return a dynamically allocated string to prevent buffer reuse // Return a dynamically allocated string to prevent buffer reuse
@@ -2072,6 +2132,13 @@ int update_config_in_table(const char* key, const char* value) {
return -1; return -1;
} }
// Additional validation: reject empty strings to prevent accidental deletion of config values
if (strlen(value) == 0) {
log_warning("Attempted to update config with empty value - rejecting to prevent data loss");
printf(" Rejected empty value for key: %s\n", key);
return -1;
}
const char* sql = "UPDATE config SET value = ?, updated_at = strftime('%s', 'now') WHERE key = ?"; const char* sql = "UPDATE config SET value = ?, updated_at = strftime('%s', 'now') WHERE key = ?";
sqlite3_stmt* stmt; sqlite3_stmt* stmt;
@@ -2089,15 +2156,58 @@ int update_config_in_table(const char* key, const char* value) {
return (rc == SQLITE_DONE) ? 0 : -1; return (rc == SQLITE_DONE) ? 0 : -1;
} }
// Populate default config values // Populate default config values (only inserts missing keys, doesn't replace existing)
int populate_default_config_values(void) { int populate_default_config_values(void) {
log_info("Populating default configuration values in table..."); if (!g_db) {
log_error("Database not available for populating default config values");
return -1;
}
// Add all default configuration values to the table // Log config table row count at start of populate_default_config_values
sqlite3_stmt* count_stmt;
const char* count_sql = "SELECT COUNT(*) FROM config";
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] populate_default_config_values: Config table row count at start: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
log_info("Populating missing default configuration values in table...");
int keys_added = 0;
int keys_skipped = 0;
// Add all default configuration values to the table (only if they don't exist)
for (size_t i = 0; i < DEFAULT_CONFIG_COUNT; i++) { for (size_t i = 0; i < DEFAULT_CONFIG_COUNT; i++) {
const char* key = DEFAULT_CONFIG_VALUES[i].key; const char* key = DEFAULT_CONFIG_VALUES[i].key;
const char* value = DEFAULT_CONFIG_VALUES[i].value; const char* value = DEFAULT_CONFIG_VALUES[i].value;
// Check if key already exists in config table
const char* check_sql = "SELECT COUNT(*) FROM config WHERE key = ?";
sqlite3_stmt* check_stmt;
int check_rc = sqlite3_prepare_v2(g_db, check_sql, -1, &check_stmt, NULL);
if (check_rc != SQLITE_OK) {
log_error("Failed to prepare config existence check");
continue;
}
sqlite3_bind_text(check_stmt, 1, key, -1, SQLITE_STATIC);
int key_exists = 0;
if (sqlite3_step(check_stmt) == SQLITE_ROW) {
key_exists = sqlite3_column_int(check_stmt, 0) > 0;
}
sqlite3_finalize(check_stmt);
// Skip if key already exists (preserve existing configuration)
if (key_exists) {
keys_skipped++;
continue;
}
// Determine data type // Determine data type
const char* data_type = "string"; const char* data_type = "string";
if (strcmp(key, "relay_port") == 0 || if (strcmp(key, "relay_port") == 0 ||
@@ -2150,14 +2260,61 @@ int populate_default_config_values(void) {
requires_restart = 1; requires_restart = 1;
} }
if (set_config_value_in_table(key, value, data_type, NULL, category, requires_restart) != 0) { // Only insert if key doesn't exist (INSERT will fail if key exists due to UNIQUE constraint)
const char* insert_sql = "INSERT INTO config (key, value, data_type, description, category, requires_restart) "
"VALUES (?, ?, ?, ?, ?, ?)";
sqlite3_stmt* insert_stmt;
int insert_rc = sqlite3_prepare_v2(g_db, insert_sql, -1, &insert_stmt, NULL);
if (insert_rc != SQLITE_OK) {
char error_msg[256]; char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "Failed to set default config: %s = %s", key, value); snprintf(error_msg, sizeof(error_msg), "Failed to prepare insert for: %s", key);
log_error(error_msg);
continue;
}
sqlite3_bind_text(insert_stmt, 1, key, -1, SQLITE_STATIC);
sqlite3_bind_text(insert_stmt, 2, value, -1, SQLITE_STATIC);
sqlite3_bind_text(insert_stmt, 3, data_type, -1, SQLITE_STATIC);
sqlite3_bind_text(insert_stmt, 4, "", -1, SQLITE_STATIC);
sqlite3_bind_text(insert_stmt, 5, category, -1, SQLITE_STATIC);
sqlite3_bind_int(insert_stmt, 6, requires_restart);
int step_rc = sqlite3_step(insert_stmt);
sqlite3_finalize(insert_stmt);
if (step_rc == SQLITE_DONE) {
keys_added++;
} else {
// Silently skip if key already exists (UNIQUE constraint violation)
if (step_rc != SQLITE_CONSTRAINT) {
char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "Failed to insert default config: %s = %s (error: %s)",
key, value, sqlite3_errmsg(g_db));
log_error(error_msg); log_error(error_msg);
} }
} }
}
if (keys_added > 0) {
char success_msg[256];
snprintf(success_msg, sizeof(success_msg),
"Added %d missing default configuration values (%d existing keys preserved)",
keys_added, keys_skipped);
log_success(success_msg);
} else if (keys_skipped > 0) {
log_info("All default configuration keys already exist - no changes needed");
}
// Log config table row count at end of populate_default_config_values
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] populate_default_config_values: Config table row count at end: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
log_success("Default configuration values populated with restart requirements");
return 0; return 0;
} }
@@ -2168,14 +2325,78 @@ int add_pubkeys_to_config_table(void) {
return -1; return -1;
} }
// Log config table row count at start of add_pubkeys_to_config_table
sqlite3_stmt* count_stmt;
const char* count_sql = "SELECT COUNT(*) FROM config";
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] add_pubkeys_to_config_table: Config table row count at start: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
log_info("Adding dynamically generated pubkeys to config table..."); log_info("Adding dynamically generated pubkeys to config table...");
// Get the pubkeys directly from unified cache (not through cached accessors to avoid circular dependency) // Get the pubkeys directly from unified cache (not through cached accessors to avoid circular dependency)
pthread_mutex_lock(&g_unified_cache.cache_lock); pthread_mutex_lock(&g_unified_cache.cache_lock);
const char* admin_pubkey = g_unified_cache.admin_pubkey[0] ? g_unified_cache.admin_pubkey : NULL; const char* admin_pubkey_cache = g_unified_cache.admin_pubkey[0] ? g_unified_cache.admin_pubkey : NULL;
const char* relay_pubkey = g_unified_cache.relay_pubkey[0] ? g_unified_cache.relay_pubkey : NULL; const char* relay_pubkey_cache = g_unified_cache.relay_pubkey[0] ? g_unified_cache.relay_pubkey : NULL;
pthread_mutex_unlock(&g_unified_cache.cache_lock); pthread_mutex_unlock(&g_unified_cache.cache_lock);
// For existing relays, admin_pubkey might already be in the database but not in cache yet
// Try to load it from the database config table first
const char* admin_pubkey_from_db = NULL;
if (!admin_pubkey_cache || strlen(admin_pubkey_cache) != 64) {
admin_pubkey_from_db = get_config_value_from_table("admin_pubkey");
if (admin_pubkey_from_db && strlen(admin_pubkey_from_db) == 64) {
// Update cache with the value from config table
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.admin_pubkey, admin_pubkey_from_db, sizeof(g_unified_cache.admin_pubkey) - 1);
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_success("Loaded admin_pubkey from config table into cache");
// Free the allocated string and return success - pubkey already in table
free((char*)admin_pubkey_from_db);
return 0;
}
if (admin_pubkey_from_db) {
free((char*)admin_pubkey_from_db);
}
// If not in config table, try loading from old event-based config (migration scenario)
const char* sql = "SELECT pubkey FROM events WHERE kind = 33334 ORDER BY created_at DESC LIMIT 1";
sqlite3_stmt* stmt;
int rc = sqlite3_prepare_v2(g_db, sql, -1, &stmt, NULL);
if (rc == SQLITE_OK) {
if (sqlite3_step(stmt) == SQLITE_ROW) {
const char* event_pubkey = (const char*)sqlite3_column_text(stmt, 0);
if (event_pubkey && strlen(event_pubkey) == 64) {
// Store in config table for future use
if (set_config_value_in_table("admin_pubkey", event_pubkey, "string",
"Administrator public key", "authentication", 0) == 0) {
// Update cache
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.admin_pubkey, event_pubkey, sizeof(g_unified_cache.admin_pubkey) - 1);
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
sqlite3_finalize(stmt);
log_success("Migrated admin_pubkey from old config event to config table");
return 0;
}
}
}
sqlite3_finalize(stmt);
}
}
// Use cache value for storage (either from first-time startup or just loaded from DB)
const char* admin_pubkey = admin_pubkey_cache;
const char* relay_pubkey = relay_pubkey_cache;
if (!admin_pubkey || strlen(admin_pubkey) != 64) { if (!admin_pubkey || strlen(admin_pubkey) != 64) {
log_error("Admin pubkey not available or invalid for config table storage"); log_error("Admin pubkey not available or invalid for config table storage");
return -1; return -1;
@@ -2201,8 +2422,17 @@ int add_pubkeys_to_config_table(void) {
} }
log_success("Dynamically generated pubkeys added to config table"); log_success("Dynamically generated pubkeys added to config table");
printf(" Admin pubkey: %s\n", admin_pubkey); printf(" Admin pubkey: %s\n", admin_pubkey ? admin_pubkey : "NULL");
printf(" Relay pubkey: %s\n", relay_pubkey); printf(" Relay pubkey: %s\n", relay_pubkey ? relay_pubkey : "NULL");
// Log config table row count at end of add_pubkeys_to_config_table
if (sqlite3_prepare_v2(g_db, count_sql, -1, &count_stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(count_stmt) == SQLITE_ROW) {
int row_count = sqlite3_column_int(count_stmt, 0);
printf("[DEBUG] add_pubkeys_to_config_table: Config table row count at end: %d\n", row_count);
}
sqlite3_finalize(count_stmt);
}
return 0; return 0;
} }
@@ -2229,18 +2459,6 @@ int process_admin_event_in_config(cJSON* event, char* error_message, size_t erro
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey"); cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* event_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL; const char* event_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
// DEFENSE-IN-DEPTH: Use comprehensive admin authorization validation
if (!is_authorized_admin_event(event)) {
// Log the unauthorized attempt for security monitoring
char log_msg[256];
snprintf(log_msg, sizeof(log_msg),
"Unauthorized admin event attempt in config processing - pubkey: %.16s...",
event_pubkey ? event_pubkey : "null");
log_warning(log_msg);
snprintf(error_message, error_size, "auth-required: not authorized admin");
return -1;
}
// Route to appropriate handler based on kind // Route to appropriate handler based on kind
switch (kind) { switch (kind) {
@@ -2628,9 +2846,16 @@ char* encrypt_admin_response_content(const cJSON* response_data, const char* rec
} }
// Perform NIP-44 encryption (relay as sender, admin as recipient) // Perform NIP-44 encryption (relay as sender, admin as recipient)
char encrypted_content[8192]; // Buffer for encrypted content // Buffer needs to accommodate: version(1) + nonce(32) + ciphertext(plaintext_size) + mac(32) + base64 overhead(~33%)
int encrypt_result = nostr_nip44_encrypt(relay_privkey_bytes, recipient_pubkey_bytes, // For 5KB plaintext: (1+32+5000+32)*1.34 ≈ 6800 bytes, use 16KB to be safe
response_json, encrypted_content, sizeof(encrypted_content)); char encrypted_content[16384]; // Buffer for encrypted content (16KB)
int encrypt_result = nostr_nip44_encrypt(
relay_privkey_bytes, // sender private key
recipient_pubkey_bytes, // recipient public key
response_json, // plaintext to encrypt
encrypted_content, // output buffer
sizeof(encrypted_content) // output buffer size
);
// Clean up sensitive data immediately after use // Clean up sensitive data immediately after use
memset(relay_privkey_bytes, 0, 32); memset(relay_privkey_bytes, 0, 32);
@@ -4553,10 +4778,11 @@ int process_startup_config_event_with_fallback(const cJSON* event) {
// If that fails, populate defaults and try again // If that fails, populate defaults and try again
log_warning("Startup config processing failed - ensuring defaults are populated"); log_warning("Startup config processing failed - ensuring defaults are populated");
if (populate_default_config_values() != 0) { // COMMENTED OUT: Don't modify existing database config on restart
log_error("Failed to populate default config values"); // if (populate_default_config_values() != 0) {
return -1; // log_error("Failed to populate default config values");
} // return -1;
// }
// Retry processing // Retry processing
if (process_startup_config_event(event) == 0) { if (process_startup_config_event(event) == 0) {

4
src/embedded_web_content.c
View File

File diff suppressed because one or more lines are too long

219
src/main.c
View File

@@ -280,6 +280,52 @@ void send_notice_message(struct lws* wsi, const char* message) {
///////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////
// Clean up stale SQLite WAL files that may cause lock issues after unclean shutdown
static void cleanup_stale_wal_files(const char* db_path) {
if (!db_path) return;
// Check if database file exists
if (access(db_path, F_OK) != 0) {
return; // Database doesn't exist yet, nothing to clean
}
// Build paths for WAL and SHM files
char wal_path[1024];
char shm_path[1024];
snprintf(wal_path, sizeof(wal_path), "%s-wal", db_path);
snprintf(shm_path, sizeof(shm_path), "%s-shm", db_path);
// Check if WAL or SHM files exist
int has_wal = (access(wal_path, F_OK) == 0);
int has_shm = (access(shm_path, F_OK) == 0);
if (has_wal || has_shm) {
log_warning("Detected stale SQLite WAL files from previous unclean shutdown");
// Try to remove WAL file
if (has_wal) {
if (unlink(wal_path) == 0) {
log_info("Removed stale WAL file");
} else {
char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "Failed to remove WAL file: %s", strerror(errno));
log_warning(error_msg);
}
}
// Try to remove SHM file
if (has_shm) {
if (unlink(shm_path) == 0) {
log_info("Removed stale SHM file");
} else {
char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "Failed to remove SHM file: %s", strerror(errno));
log_warning(error_msg);
}
}
}
}
// Initialize database connection and schema // Initialize database connection and schema
int init_database(const char* database_path_override) { int init_database(const char* database_path_override) {
// Priority 1: Command line database path override // Priority 1: Command line database path override
@@ -295,6 +341,9 @@ int init_database(const char* database_path_override) {
db_path = DEFAULT_DATABASE_PATH; db_path = DEFAULT_DATABASE_PATH;
} }
// Clean up stale WAL files before opening database
cleanup_stale_wal_files(db_path);
int rc = sqlite3_open(db_path, &g_db); int rc = sqlite3_open(db_path, &g_db);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
log_error("Cannot open database"); log_error("Cannot open database");
@@ -438,14 +487,41 @@ int init_database(const char* database_path_override) {
return -1; return -1;
} }
// Enable WAL mode for better concurrency and crash recovery
char* wal_error = NULL;
rc = sqlite3_exec(g_db, "PRAGMA journal_mode=WAL;", NULL, NULL, &wal_error);
if (rc != SQLITE_OK) {
char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "Failed to enable WAL mode: %s",
wal_error ? wal_error : "unknown error");
log_warning(error_msg);
if (wal_error) sqlite3_free(wal_error);
// Continue anyway - WAL mode is optional
} else {
log_info("SQLite WAL mode enabled");
}
return 0; return 0;
} }
// Close database connection // Close database connection with proper WAL checkpoint
void close_database() { void close_database() {
if (g_db) { if (g_db) {
// Perform WAL checkpoint to minimize stale files on next startup
log_info("Performing WAL checkpoint before database close");
char* checkpoint_error = NULL;
int rc = sqlite3_exec(g_db, "PRAGMA wal_checkpoint(TRUNCATE);", NULL, NULL, &checkpoint_error);
if (rc != SQLITE_OK) {
char error_msg[256];
snprintf(error_msg, sizeof(error_msg), "WAL checkpoint warning: %s",
checkpoint_error ? checkpoint_error : "unknown error");
log_warning(error_msg);
if (checkpoint_error) sqlite3_free(checkpoint_error);
}
sqlite3_close(g_db); sqlite3_close(g_db);
g_db = NULL; g_db = NULL;
log_info("Database connection closed");
} }
} }
@@ -1267,6 +1343,9 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
return -1; return -1;
} }
// DEBUG: Log that we're checking admin authorization
log_info("DEBUG: Checking admin event authorization");
// Step 1: Verify event kind is admin type // Step 1: Verify event kind is admin type
cJSON *kind_json = cJSON_GetObjectItem(event, "kind"); cJSON *kind_json = cJSON_GetObjectItem(event, "kind");
if (!kind_json || !cJSON_IsNumber(kind_json)) { if (!kind_json || !cJSON_IsNumber(kind_json)) {
@@ -1301,6 +1380,12 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
// Compare with our relay pubkey // Compare with our relay pubkey
const char* relay_pubkey = get_config_value("relay_pubkey"); const char* relay_pubkey = get_config_value("relay_pubkey");
char debug_msg1[256];
snprintf(debug_msg1, sizeof(debug_msg1), "DEBUG: Relay pubkey from config: %.64s", relay_pubkey ? relay_pubkey : "NULL");
log_info(debug_msg1);
char debug_msg2[256];
snprintf(debug_msg2, sizeof(debug_msg2), "DEBUG: Event p tag value: %.64s", tag_value->valuestring);
log_info(debug_msg2);
if (relay_pubkey && strcmp(tag_value->valuestring, relay_pubkey) == 0) { if (relay_pubkey && strcmp(tag_value->valuestring, relay_pubkey) == 0) {
targets_this_relay = 1; targets_this_relay = 1;
break; break;
@@ -1311,6 +1396,7 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
if (!targets_this_relay) { if (!targets_this_relay) {
// Admin event for different relay - not an error, just not for us // Admin event for different relay - not an error, just not for us
log_info("DEBUG: Admin event not targeting this relay");
snprintf(error_buffer, error_buffer_size, "Admin event not targeting this relay"); snprintf(error_buffer, error_buffer_size, "Admin event not targeting this relay");
return -1; return -1;
} }
@@ -1325,6 +1411,12 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
// Get admin pubkey from configuration // Get admin pubkey from configuration
const char* admin_pubkey = get_config_value("admin_pubkey"); const char* admin_pubkey = get_config_value("admin_pubkey");
char debug_msg3[256];
snprintf(debug_msg3, sizeof(debug_msg3), "DEBUG: Admin pubkey from config: %.64s", admin_pubkey ? admin_pubkey : "NULL");
log_info(debug_msg3);
char debug_msg4[256];
snprintf(debug_msg4, sizeof(debug_msg4), "DEBUG: Event pubkey: %.64s", pubkey_json->valuestring);
log_info(debug_msg4);
if (!admin_pubkey || strlen(admin_pubkey) == 0) { if (!admin_pubkey || strlen(admin_pubkey) == 0) {
log_warning("Unauthorized admin event attempt: no admin pubkey configured"); log_warning("Unauthorized admin event attempt: no admin pubkey configured");
snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: no admin configured"); snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: no admin configured");
@@ -1338,18 +1430,25 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
snprintf(warning_msg, sizeof(warning_msg), snprintf(warning_msg, sizeof(warning_msg),
"Unauthorized admin event attempt from pubkey: %.32s...", pubkey_json->valuestring); "Unauthorized admin event attempt from pubkey: %.32s...", pubkey_json->valuestring);
log_warning(warning_msg); log_warning(warning_msg);
log_info("DEBUG: Pubkey comparison failed - event pubkey != admin pubkey");
snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: invalid admin pubkey"); snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: invalid admin pubkey");
return -1; return -1;
} }
log_info("DEBUG: Pubkey comparison passed");
// Step 4: Verify event signature // Step 4: Verify event signature
if (nostr_verify_event_signature(event) != 0) { if (nostr_verify_event_signature(event) != 0) {
log_warning("Unauthorized admin event attempt: invalid signature"); log_warning("Unauthorized admin event attempt: invalid signature");
log_info("DEBUG: Signature verification failed");
snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: signature verification failed"); snprintf(error_buffer, error_buffer_size, "Unauthorized admin event attempt: signature verification failed");
return -1; return -1;
} }
log_info("DEBUG: Signature verification passed");
// All checks passed - authorized admin event // All checks passed - authorized admin event
log_info("DEBUG: Admin event authorization successful");
return 0; return 0;
} }
@@ -1597,7 +1696,7 @@ int main(int argc, char* argv[]) {
printf(" Port: %d (overriding default)\n", cli_options.port_override); printf(" Port: %d (overriding default)\n", cli_options.port_override);
} }
// Add pubkeys to config table // Add pubkeys to config table (single authoritative call)
if (add_pubkeys_to_config_table() != 0) { if (add_pubkeys_to_config_table() != 0) {
log_error("Failed to add pubkeys to config table"); log_error("Failed to add pubkeys to config table");
cleanup_configuration_system(); cleanup_configuration_system();
@@ -1605,17 +1704,6 @@ int main(int argc, char* argv[]) {
close_database(); close_database();
return 1; return 1;
} }
// Now store the pubkeys in config table since database is available
const char* admin_pubkey = get_admin_pubkey_cached();
const char* relay_pubkey_from_cache = get_relay_pubkey_cached();
if (admin_pubkey && strlen(admin_pubkey) == 64) {
set_config_value_in_table("admin_pubkey", admin_pubkey, "string", "Administrator public key", "authentication", 0);
}
if (relay_pubkey_from_cache && strlen(relay_pubkey_from_cache) == 64) {
set_config_value_in_table("relay_pubkey", relay_pubkey_from_cache, "string", "Relay public key", "relay", 0);
}
} else { } else {
// Find existing database file // Find existing database file
char** existing_files = find_existing_db_files(); char** existing_files = find_existing_db_files();
@@ -1663,6 +1751,22 @@ int main(int argc, char* argv[]) {
return 1; return 1;
} }
// DEBUG: Check config table row count before database initialization
{
sqlite3* temp_db = NULL;
if (sqlite3_open(g_database_path, &temp_db) == SQLITE_OK) {
sqlite3_stmt* stmt;
if (sqlite3_prepare_v2(temp_db, "SELECT COUNT(*) FROM config", -1, &stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(stmt) == SQLITE_ROW) {
int count = sqlite3_column_int(stmt, 0);
printf("[DEBUG] Config table row count before init_database(): %d\n", count);
}
sqlite3_finalize(stmt);
}
sqlite3_close(temp_db);
}
}
// Initialize database with existing database path // Initialize database with existing database path
if (init_database(g_database_path) != 0) { if (init_database(g_database_path) != 0) {
log_error("Failed to initialize existing database"); log_error("Failed to initialize existing database");
@@ -1676,31 +1780,92 @@ int main(int argc, char* argv[]) {
return 1; return 1;
} }
// DEBUG: Check config table row count after database initialization
{
sqlite3_stmt* stmt;
if (sqlite3_prepare_v2(g_db, "SELECT COUNT(*) FROM config", -1, &stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(stmt) == SQLITE_ROW) {
int count = sqlite3_column_int(stmt, 0);
printf("[DEBUG] Config table row count after init_database(): %d\n", count);
}
sqlite3_finalize(stmt);
}
}
// Ensure default configuration values are populated (for any missing keys)
// This must be done AFTER database initialization
// COMMENTED OUT: Don't modify existing database config on restart
// if (populate_default_config_values() != 0) {
// log_warning("Failed to populate default config values for existing relay - continuing");
// }
// Load configuration from database // Load configuration from database
cJSON* config_event = load_config_event_from_database(relay_pubkey); cJSON* config_event = load_config_event_from_database(relay_pubkey);
if (config_event) { if (config_event) {
if (apply_configuration_from_event(config_event) != 0) { if (apply_configuration_from_event(config_event) != 0) {
log_warning("Failed to apply configuration from database"); log_warning("Failed to apply configuration from database");
} else {
// Extract admin pubkey from the config event and store in config table for unified cache access
cJSON* pubkey_obj = cJSON_GetObjectItem(config_event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
// Store both admin and relay pubkeys in config table for unified cache
if (admin_pubkey && strlen(admin_pubkey) == 64) {
set_config_value_in_table("admin_pubkey", admin_pubkey, "string", "Administrator public key", "authentication", 0);
}
if (relay_pubkey && strlen(relay_pubkey) == 64) {
set_config_value_in_table("relay_pubkey", relay_pubkey, "string", "Relay public key", "relay", 0);
}
} }
cJSON_Delete(config_event); cJSON_Delete(config_event);
} else { } else {
log_warning("No configuration event found in existing database"); log_warning("No configuration event found in existing database");
} }
// Ensure pubkeys are in config table for existing relay
// This handles migration from old event-based config to table-based config
const char* admin_pubkey_from_table = get_config_value_from_table("admin_pubkey");
const char* relay_pubkey_from_table = get_config_value_from_table("relay_pubkey");
int need_to_add_pubkeys = 0;
// Check if admin_pubkey is missing or invalid
if (!admin_pubkey_from_table || strlen(admin_pubkey_from_table) != 64) {
log_warning("Admin pubkey missing or invalid in config table - will regenerate from cache");
need_to_add_pubkeys = 1;
}
if (admin_pubkey_from_table) free((char*)admin_pubkey_from_table);
// Check if relay_pubkey is missing or invalid
if (!relay_pubkey_from_table || strlen(relay_pubkey_from_table) != 64) {
log_warning("Relay pubkey missing or invalid in config table - will regenerate from cache");
need_to_add_pubkeys = 1;
}
if (relay_pubkey_from_table) free((char*)relay_pubkey_from_table);
// If either pubkey is missing, call add_pubkeys_to_config_table to populate both
if (need_to_add_pubkeys) {
// DEBUG: Check config table row count before add_pubkeys_to_config_table()
{
sqlite3_stmt* stmt;
if (sqlite3_prepare_v2(g_db, "SELECT COUNT(*) FROM config", -1, &stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(stmt) == SQLITE_ROW) {
int count = sqlite3_column_int(stmt, 0);
printf("[DEBUG] Config table row count before add_pubkeys_to_config_table(): %d\n", count);
}
sqlite3_finalize(stmt);
}
}
if (add_pubkeys_to_config_table() != 0) {
log_error("Failed to add pubkeys to config table for existing relay");
cleanup_configuration_system();
nostr_cleanup();
close_database();
return 1;
}
// DEBUG: Check config table row count after add_pubkeys_to_config_table()
{
sqlite3_stmt* stmt;
if (sqlite3_prepare_v2(g_db, "SELECT COUNT(*) FROM config", -1, &stmt, NULL) == SQLITE_OK) {
if (sqlite3_step(stmt) == SQLITE_ROW) {
int count = sqlite3_column_int(stmt, 0);
printf("[DEBUG] Config table row count after add_pubkeys_to_config_table(): %d\n", count);
}
sqlite3_finalize(stmt);
}
}
}
// Apply CLI overrides for existing relay (port override should work even for existing relays) // Apply CLI overrides for existing relay (port override should work even for existing relays)
if (cli_options.port_override > 0) { if (cli_options.port_override > 0) {
char port_str[16]; char port_str[16];

4
src/subscriptions.c
View File

@@ -135,11 +135,11 @@ static int validate_subscription_id(const char* sub_id) {
return 0; // Empty or too long return 0; // Empty or too long
} }
// Check for valid characters (alphanumeric, underscore, hyphen) // Check for valid characters (alphanumeric, underscore, hyphen, colon)
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
char c = sub_id[i]; char c = sub_id[i];
if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
(c >= '0' && c <= '9') || c == '_' || c == '-')) { (c >= '0' && c <= '9') || c == '_' || c == '-' || c == ':')) {
return 0; // Invalid character return 0; // Invalid character
} }
} }

22
src/websockets.c
View File

@@ -678,6 +678,11 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
} }
} }
} else if (strcmp(msg_type, "REQ") == 0) { } else if (strcmp(msg_type, "REQ") == 0) {
// Log the full REQ message for debugging
char debug_msg[2048];
snprintf(debug_msg, sizeof(debug_msg), "Received REQ message: %s", message);
log_info(debug_msg);
// Check NIP-42 authentication for REQ subscriptions if required // Check NIP-42 authentication for REQ subscriptions if required
if (pss && pss->nip42_auth_required_subscriptions && !pss->authenticated) { if (pss && pss->nip42_auth_required_subscriptions && !pss->authenticated) {
if (!pss->auth_challenge_sent) { if (!pss->auth_challenge_sent) {
@@ -719,18 +724,26 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
// Validate characters in subscription ID // Validate characters in subscription ID
int valid_id = 1; int valid_id = 1;
char invalid_char = '\0';
size_t invalid_pos = 0;
for (size_t i = 0; i < id_len; i++) { for (size_t i = 0; i < id_len; i++) {
char c = subscription_id[i]; char c = subscription_id[i];
if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
(c >= '0' && c <= '9') || c == '_' || c == '-')) { (c >= '0' && c <= '9') || c == '_' || c == '-' || c == ':')) {
valid_id = 0; valid_id = 0;
invalid_char = c;
invalid_pos = i;
break; break;
} }
} }
if (!valid_id) { if (!valid_id) {
char debug_msg[512];
snprintf(debug_msg, sizeof(debug_msg),
"REQ rejected: invalid character '%c' (0x%02X) at position %zu in subscription ID: '%s'",
invalid_char, (unsigned char)invalid_char, invalid_pos, subscription_id);
log_warning(debug_msg);
send_notice_message(wsi, "error: invalid characters in subscription ID"); send_notice_message(wsi, "error: invalid characters in subscription ID");
log_warning("REQ rejected: invalid characters in subscription ID");
cJSON_Delete(json); cJSON_Delete(json);
free(message); free(message);
return 0; return 0;
@@ -871,7 +884,7 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
for (size_t i = 0; i < id_len; i++) { for (size_t i = 0; i < id_len; i++) {
char c = subscription_id[i]; char c = subscription_id[i];
if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
(c >= '0' && c <= '9') || c == '_' || c == '-')) { (c >= '0' && c <= '9') || c == '_' || c == '-' || c == ':')) {
valid_id = 0; valid_id = 0;
break; break;
} }
@@ -1028,6 +1041,9 @@ int start_websocket_relay(int port_override, int strict_port) {
// Starting libwebsockets-based Nostr relay server // Starting libwebsockets-based Nostr relay server
// Set libwebsockets log level to errors only
lws_set_log_level(LLL_USER | LLL_ERR, NULL);
memset(&info, 0, sizeof(info)); memset(&info, 0, sizeof(info));
// Use port override if provided, otherwise use configuration // Use port override if provided, otherwise use configuration
int configured_port = (port_override > 0) ? port_override : get_config_int("relay_port", DEFAULT_PORT); int configured_port = (port_override > 0) ? port_override : get_config_int("relay_port", DEFAULT_PORT);

28
test_results_20251011_105627.log
View File

@@ -1,28 +0,0 @@
2025-10-11 10:56:27 - ==========================================
2025-10-11 10:56:27 - C-Relay Comprehensive Test Suite Runner
2025-10-11 10:56:27 - ==========================================
2025-10-11 10:56:27 - Relay URL: ws://127.0.0.1:8888
2025-10-11 10:56:27 - Log file: test_results_20251011_105627.log
2025-10-11 10:56:27 - Report file: test_report_20251011_105627.html
2025-10-11 10:56:27 -
2025-10-11 10:56:27 - Checking relay status at ws://127.0.0.1:8888...
2025-10-11 10:56:27 - \033[0;32m✓ Relay HTTP endpoint is accessible\033[0m
2025-10-11 10:56:27 -
2025-10-11 10:56:27 - Starting comprehensive test execution...
2025-10-11 10:56:27 -
2025-10-11 10:56:27 - \033[0;34m=== SECURITY TEST SUITES ===\033[0m
2025-10-11 10:56:27 - ==========================================
2025-10-11 10:56:27 - Running Test Suite: SQL Injection Tests
2025-10-11 10:56:27 - Description: Comprehensive SQL injection vulnerability testing
2025-10-11 10:56:27 - ==========================================
==========================================
C-Relay SQL Injection Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - Valid query works
=== Authors Filter SQL Injection Tests ===
Testing Authors filter with payload: '; DROP TABLE events; --... UNCERTAIN - Connection timeout (may indicate crash)
2025-10-11 10:56:32 - \033[0;31m✗ SQL Injection Tests FAILED\033[0m (Duration: 5s)

2
tests/17_nip_test.sh
View File

@@ -28,7 +28,7 @@ echo "✓ nak command found"
# Check if relay is running by testing connection # Check if relay is running by testing connection
echo "Testing relay connection..." echo "Testing relay connection..."
if ! timeout 5 bash -c "</dev/tcp/localhost/8888" 2>/dev/null; then if ! timeout 5 nc -z localhost 8888 2>/dev/null; then
echo "ERROR: Relay does not appear to be running on localhost:8888" echo "ERROR: Relay does not appear to be running on localhost:8888"
echo "Please start the relay first with: ./make_and_restart_relay.sh" echo "Please start the relay first with: ./make_and_restart_relay.sh"
exit 1 exit 1

8
tests/auth_tests.sh
View File

@@ -32,9 +32,7 @@ test_auth_challenge() {
# Send a REQ message that should trigger auth # Send a REQ message that should trigger auth
local response local response
response=$(timeout 10 bash -c " response=$(echo "[\"REQ\",\"auth_test_$(date +%s)\",{}]" | timeout 10 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3 || echo 'TIMEOUT')
echo '[\"REQ\",\"auth_test_'$(date +%s)'\",{}]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"TIMEOUT"* ]]; then if [[ "$response" == *"TIMEOUT"* ]]; then
echo -e "${RED}FAILED${NC} - Connection timeout" echo -e "${RED}FAILED${NC} - Connection timeout"
@@ -80,9 +78,7 @@ EOF
# Send auth list modification # Send auth list modification
local response local response
response=$(timeout 10 bash -c " response=$(echo "$admin_event" | timeout 10 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$admin_event' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"TIMEOUT"* ]]; then if [[ "$response" == *"TIMEOUT"* ]]; then
echo -e "${RED}FAILED${NC} - Connection timeout" echo -e "${RED}FAILED${NC} - Connection timeout"

8
tests/config_tests.sh
View File

@@ -47,9 +47,7 @@ EOF
# Send config query event # Send config query event
local response local response
response=$(timeout 10 bash -c " response=$(echo "$admin_event" | timeout 10 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3 || echo 'TIMEOUT')
echo '$admin_event' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"TIMEOUT"* ]]; then if [[ "$response" == *"TIMEOUT"* ]]; then
echo -e "${RED}FAILED${NC} - Connection timeout" echo -e "${RED}FAILED${NC} - Connection timeout"
@@ -94,9 +92,7 @@ EOF
# Send config setting event # Send config setting event
local response local response
response=$(timeout 10 bash -c " response=$(echo "$admin_event" | timeout 10 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3 || echo 'TIMEOUT')
echo '$admin_event' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"TIMEOUT"* ]]; then if [[ "$response" == *"TIMEOUT"* ]]; then
echo -e "${RED}FAILED${NC} - Connection timeout" echo -e "${RED}FAILED${NC} - Connection timeout"

48
tests/debug_perf.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
# Debug script for performance_benchmarks.sh
source ./performance_benchmarks.sh
echo "Testing benchmark_request function..."
result=$(benchmark_request '["REQ","test",{}]')
echo "Result: $result"
echo "Testing full client subprocess..."
(
client_start=$(date +%s)
client_requests=0
client_total_response_time=0
client_successful_requests=0
client_min_time=999999
client_max_time=0
while [[ $(($(date +%s) - client_start)) -lt 3 ]]; do
result=$(benchmark_request '["REQ","test",{}]')
IFS=':' read -r response_time success <<< "$result"
client_total_response_time=$((client_total_response_time + response_time))
client_requests=$((client_requests + 1))
if [[ "$success" == "1" ]]; then
client_successful_requests=$((client_successful_requests + 1))
fi
if [[ $response_time -lt client_min_time ]]; then
client_min_time=$response_time
fi
if [[ $response_time -gt client_max_time ]]; then
client_max_time=$response_time
fi
echo "Request $client_requests: ${response_time}ms, success=$success"
sleep 0.1
done
echo "$client_requests:$client_successful_requests:$client_total_response_time:$client_min_time:$client_max_time"
) &
pid=$!
echo "Waiting for client..."
wait "$pid"
echo "Client finished."

8
tests/filter_validation_test.sh
View File

@@ -34,9 +34,7 @@ test_websocket_message() {
# Send message via websocat and capture response # Send message via websocat and capture response
local response local response
response=$(timeout $TEST_TIMEOUT bash -c " response=$(echo "$message" | timeout $TEST_TIMEOUT websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null || echo 'CONNECTION_FAILED')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null || echo 'CONNECTION_FAILED'
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == "CONNECTION_FAILED" ]]; then if [[ "$response" == "CONNECTION_FAILED" ]]; then
echo -e "${RED}FAILED${NC} - Could not connect to relay" echo -e "${RED}FAILED${NC} - Could not connect to relay"
@@ -73,9 +71,7 @@ test_valid_message() {
# Send message via websocat and capture response # Send message via websocat and capture response
local response local response
response=$(timeout $TEST_TIMEOUT bash -c " response=$(echo "$message" | timeout $TEST_TIMEOUT websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == "TIMEOUT" ]]; then if [[ "$response" == "TIMEOUT" ]]; then
echo -e "${RED}FAILED${NC} - Connection timeout" echo -e "${RED}FAILED${NC} - Connection timeout"

76
tests/input_validation_tests.sh
View File

File diff suppressed because one or more lines are too long

83
tests/load_tests.sh
View File

@@ -50,20 +50,13 @@ run_client() {
done done
# Send CLOSE message # Send CLOSE message
echo '["CLOSE","load_test_'"$client_id"'_*"]' echo '["CLOSE","load_test_'"$client_id"'_*"]'
) | timeout 60 websocat -B 1048576 "ws://$RELAY_HOST:$RELAY_PORT" > "$temp_file" 2>/dev/null & ) | timeout 30 websocat -B 1048576 "ws://$RELAY_HOST:$RELAY_PORT" > "$temp_file" 2>/dev/null
local client_pid=$! local exit_code=$?
# Wait a bit for the client to complete # Check if connection was successful (exit code 0 means successful)
sleep 2 if [[ $exit_code -eq 0 ]]; then
# Check if client is still running (good sign)
if kill -0 "$client_pid" 2>/dev/null; then
connection_successful=true connection_successful=true
((SUCCESSFUL_CONNECTIONS++))
else
wait "$client_pid" 2>/dev/null || true
((FAILED_CONNECTIONS++))
fi fi
# Count messages sent # Count messages sent
@@ -131,52 +124,61 @@ run_load_test() {
TOTAL_MESSAGES_SENT=0 TOTAL_MESSAGES_SENT=0
TOTAL_MESSAGES_RECEIVED=0 TOTAL_MESSAGES_RECEIVED=0
# Start resource monitoring in background # Launch clients sequentially for now (simpler debugging)
monitor_resources 30 &
local monitor_pid=$!
# Launch clients
local client_pids=()
local client_results=() local client_results=()
echo "Launching $concurrent_clients concurrent clients..." echo "Launching $concurrent_clients clients..."
for i in $(seq 1 "$concurrent_clients"); do for i in $(seq 1 "$concurrent_clients"); do
run_client "$i" "$messages_per_client" & local result
client_pids+=($!) result=$(run_client "$i" "$messages_per_client")
client_results+=("$result")
TOTAL_CONNECTIONS=$((TOTAL_CONNECTIONS + 1))
done done
# Wait for all clients to complete echo "All clients completed. Processing results..."
echo "Waiting for clients to complete..."
for pid in "${client_pids[@]}"; do
wait "$pid" 2>/dev/null || true
done
# Stop monitoring
kill "$monitor_pid" 2>/dev/null || true
wait "$monitor_pid" 2>/dev/null || true
END_TIME=$(date +%s) END_TIME=$(date +%s)
local duration=$((END_TIME - START_TIME)) local duration=$((END_TIME - START_TIME))
# Process client results
local successful_connections=0
local failed_connections=0
local total_messages_sent=0
local total_messages_received=0
for result in "${client_results[@]}"; do
messages_sent=$(echo "$result" | cut -d: -f1)
messages_received=$(echo "$result" | cut -d: -f2)
connection_successful=$(echo "$result" | cut -d: -f3)
if [[ "$connection_successful" == "true" ]]; then
successful_connections=$((successful_connections + 1))
else
failed_connections=$((failed_connections + 1))
fi
total_messages_sent=$((total_messages_sent + messages_sent))
total_messages_received=$((total_messages_received + messages_received))
done
# Calculate metrics # Calculate metrics
local total_messages_expected=$((concurrent_clients * messages_per_client)) local total_messages_expected=$((concurrent_clients * messages_per_client))
local connection_success_rate=0 local connection_success_rate=0
local total_connections=$((SUCCESSFUL_CONNECTIONS + FAILED_CONNECTIONS))
if [[ $total_connections -gt 0 ]]; then if [[ $TOTAL_CONNECTIONS -gt 0 ]]; then
connection_success_rate=$((SUCCESSFUL_CONNECTIONS * 100 / total_connections)) connection_success_rate=$((successful_connections * 100 / TOTAL_CONNECTIONS))
fi fi
# Report results # Report results
echo "" echo ""
echo "=== Load Test Results ===" echo "=== Load Test Results ==="
echo "Test duration: ${duration}s" echo "Test duration: ${duration}s"
echo "Total connections attempted: $total_connections" echo "Total connections attempted: $TOTAL_CONNECTIONS"
echo "Successful connections: $SUCCESSFUL_CONNECTIONS" echo "Successful connections: $successful_connections"
echo "Failed connections: $FAILED_CONNECTIONS" echo "Failed connections: $failed_connections"
echo "Connection success rate: ${connection_success_rate}%" echo "Connection success rate: ${connection_success_rate}%"
echo "Messages expected: $total_messages_expected" echo "Messages expected: $total_messages_expected"
echo "Messages sent: $total_messages_sent"
echo "Messages received: $total_messages_received"
# Performance assessment # Performance assessment
if [[ $connection_success_rate -ge 95 ]]; then if [[ $connection_success_rate -ge 95 ]]; then
@@ -190,9 +192,7 @@ run_load_test() {
# Check if relay is still responsive # Check if relay is still responsive
echo "" echo ""
echo -n "Checking relay responsiveness... " echo -n "Checking relay responsiveness... "
if timeout 5 bash -c " if echo 'ping' | timeout 5 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1; then
echo 'ping' | websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null; then
echo -e "${GREEN}✓ Relay is still responsive${NC}" echo -e "${GREEN}✓ Relay is still responsive${NC}"
else else
echo -e "${RED}✗ Relay became unresponsive after load test${NC}" echo -e "${RED}✗ Relay became unresponsive after load test${NC}"
@@ -200,6 +200,8 @@ run_load_test() {
fi fi
} }
# Only run main code if script is executed directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
echo "==========================================" echo "=========================================="
echo "C-Relay Load Testing Suite" echo "C-Relay Load Testing Suite"
echo "==========================================" echo "=========================================="
@@ -208,9 +210,7 @@ echo ""
# Test basic connectivity first # Test basic connectivity first
echo "=== Basic Connectivity Test ===" echo "=== Basic Connectivity Test ==="
if timeout 5 bash -c " if echo 'ping' | timeout 5 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1; then
echo 'ping' | websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null; then
echo -e "${GREEN}✓ Relay is accessible${NC}" echo -e "${GREEN}✓ Relay is accessible${NC}"
else else
echo -e "${RED}✗ Cannot connect to relay. Aborting tests.${NC}" echo -e "${RED}✗ Cannot connect to relay. Aborting tests.${NC}"
@@ -236,3 +236,4 @@ echo "Load Testing Complete"
echo "==========================================" echo "=========================================="
echo "All load tests completed. Check individual test results above." echo "All load tests completed. Check individual test results above."
echo "If any tests failed, the relay may need optimization or have resource limits." echo "If any tests failed, the relay may need optimization or have resource limits."
fi

26
tests/memory_corruption_tests.sh
View File

@@ -35,16 +35,17 @@ test_memory_safety() {
# Send message and monitor for crashes or memory issues # Send message and monitor for crashes or memory issues
local start_time=$(date +%s%N) local start_time=$(date +%s%N)
local response local response
response=$(timeout $TEST_TIMEOUT bash -c " response=$(echo "$message" | timeout $TEST_TIMEOUT websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'CONNECTION_FAILED')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null
" 2>/dev/null || echo 'CONNECTION_FAILED')
local end_time=$(date +%s%N) local end_time=$(date +%s%N)
# Check if relay is still responsive after the test # Check if relay is still responsive after the test
local relay_status local relay_status
relay_status=$(timeout 2 bash -c " local ping_response=$(echo '["REQ","ping_test_'$RANDOM'",{}]' | timeout 2 websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1)
echo 'ping' | websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 && echo 'OK' || echo 'DOWN' if [[ -n "$ping_response" ]]; then
" 2>/dev/null || echo 'DOWN') relay_status="OK"
else
relay_status="DOWN"
fi
# Calculate response time (rough indicator of processing issues) # Calculate response time (rough indicator of processing issues)
local response_time=$(( (end_time - start_time) / 1000000 )) # Convert to milliseconds local response_time=$(( (end_time - start_time) / 1000000 )) # Convert to milliseconds
@@ -97,9 +98,7 @@ test_concurrent_access() {
for i in $(seq 1 $concurrent_count); do for i in $(seq 1 $concurrent_count); do
( (
local response local response
response=$(timeout $TEST_TIMEOUT bash -c " response=$(echo "$message" | timeout $TEST_TIMEOUT websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'FAILED')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'FAILED')
echo "$response" echo "$response"
) & ) &
pids+=($!) pids+=($!)
@@ -113,9 +112,12 @@ test_concurrent_access() {
# Check if relay is still responsive # Check if relay is still responsive
local relay_status local relay_status
relay_status=$(timeout 2 bash -c " local ping_response=$(echo '["REQ","ping_test_'$RANDOM'",{}]' | timeout 2 websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1)
echo 'ping' | websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 && echo 'OK' || echo 'DOWN' if [[ -n "$ping_response" ]]; then
" 2>/dev/null || echo 'DOWN') relay_status="OK"
else
relay_status="DOWN"
fi
if [[ "$relay_status" != "OK" ]]; then if [[ "$relay_status" != "OK" ]]; then
echo -e "${RED}FAILED${NC} - Relay crashed during concurrent access" echo -e "${RED}FAILED${NC} - Relay crashed during concurrent access"

126
tests/performance_benchmarks.sh
View File

@@ -31,32 +31,21 @@ benchmark_request() {
local start_time local start_time
local end_time local end_time
local response_time local response_time
local success=0
start_time=$(date +%s%N) start_time=$(date +%s%N)
local response local response
response=$(timeout 5 bash -c " response=$(echo "$message" | timeout 5 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'TIMEOUT')
end_time=$(date +%s%N) end_time=$(date +%s%N)
response_time=$(( (end_time - start_time) / 1000000 )) # Convert to milliseconds response_time=$(( (end_time - start_time) / 1000000 )) # Convert to milliseconds
TOTAL_REQUESTS=$((TOTAL_REQUESTS + 1))
TOTAL_RESPONSE_TIME=$((TOTAL_RESPONSE_TIME + response_time))
if [[ $response_time -lt MIN_RESPONSE_TIME ]]; then
MIN_RESPONSE_TIME=$response_time
fi
if [[ $response_time -gt MAX_RESPONSE_TIME ]]; then
MAX_RESPONSE_TIME=$response_time
fi
if [[ "$response" == *"EOSE"* ]] || [[ "$response" == *"EVENT"* ]] || [[ "$response" == *"OK"* ]]; then if [[ "$response" == *"EOSE"* ]] || [[ "$response" == *"EVENT"* ]] || [[ "$response" == *"OK"* ]]; then
SUCCESSFUL_REQUESTS=$((SUCCESSFUL_REQUESTS + 1)) success=1
else
FAILED_REQUESTS=$((FAILED_REQUESTS + 1))
fi fi
# Return: response_time:success
echo "$response_time:$success"
} }
# Function to run throughput benchmark # Function to run throughput benchmark
@@ -84,62 +73,113 @@ run_throughput_benchmark() {
local start_time local start_time
start_time=$(date +%s) start_time=$(date +%s)
# Launch concurrent clients # Launch concurrent clients and collect results
local pids=() local pids=()
local client_results=()
for i in $(seq 1 "$concurrent_clients"); do for i in $(seq 1 "$concurrent_clients"); do
( (
local client_start local client_start
client_start=$(date +%s) client_start=$(date +%s)
local client_requests=0 local client_requests=0
local client_total_response_time=0
local client_successful_requests=0
local client_min_time=999999
local client_max_time=0
while [[ $(($(date +%s) - client_start)) -lt test_duration ]]; do while [[ $(($(date +%s) - client_start)) -lt test_duration ]]; do
benchmark_request "$message" local result
((client_requests++)) result=$(benchmark_request "$message")
local response_time success
IFS=':' read -r response_time success <<< "$result"
client_total_response_time=$((client_total_response_time + response_time))
client_requests=$((client_requests + 1))
if [[ "$success" == "1" ]]; then
client_successful_requests=$((client_successful_requests + 1))
fi
if [[ $response_time -lt client_min_time ]]; then
client_min_time=$response_time
fi
if [[ $response_time -gt client_max_time ]]; then
client_max_time=$response_time
fi
# Small delay to prevent overwhelming # Small delay to prevent overwhelming
sleep 0.01 sleep 0.01
done done
echo "client_${i}_requests:$client_requests" # Return client results: requests:successful:total_response_time:min_time:max_time
echo "$client_requests:$client_successful_requests:$client_total_response_time:$client_min_time:$client_max_time"
) & ) &
pids+=($!) pids+=($!)
done done
# Wait for all clients to complete # Wait for all clients to complete and collect results
local client_results=()
for pid in "${pids[@]}"; do for pid in "${pids[@]}"; do
client_results+=("$(wait "$pid")") local result
result=$(wait "$pid")
client_results+=("$result")
done done
local end_time local end_time
end_time=$(date +%s) end_time=$(date +%s)
local actual_duration=$((end_time - start_time)) local actual_duration=$((end_time - start_time))
# Process client results
local total_requests=0
local successful_requests=0
local total_response_time=0
local min_response_time=999999
local max_response_time=0
for client_result in "${client_results[@]}"; do
IFS=':' read -r client_requests client_successful client_total_time client_min_time client_max_time <<< "$client_result"
total_requests=$((total_requests + client_requests))
successful_requests=$((successful_requests + client_successful))
total_response_time=$((total_response_time + client_total_time))
if [[ $client_min_time -lt min_response_time ]]; then
min_response_time=$client_min_time
fi
if [[ $client_max_time -gt max_response_time ]]; then
max_response_time=$client_max_time
fi
done
# Calculate metrics # Calculate metrics
local avg_response_time="N/A" local avg_response_time="N/A"
if [[ $SUCCESSFUL_REQUESTS -gt 0 ]]; then if [[ $successful_requests -gt 0 ]]; then
avg_response_time="$((TOTAL_RESPONSE_TIME / SUCCESSFUL_REQUESTS))ms" avg_response_time="$((total_response_time / successful_requests))ms"
fi fi
local requests_per_second="N/A" local requests_per_second="N/A"
if [[ $actual_duration -gt 0 ]]; then if [[ $actual_duration -gt 0 ]]; then
requests_per_second="$((TOTAL_REQUESTS / actual_duration))" requests_per_second="$((total_requests / actual_duration))"
fi fi
local success_rate="N/A" local success_rate="N/A"
if [[ $TOTAL_REQUESTS -gt 0 ]]; then if [[ $total_requests -gt 0 ]]; then
success_rate="$((SUCCESSFUL_REQUESTS * 100 / TOTAL_REQUESTS))%" success_rate="$((successful_requests * 100 / total_requests))%"
fi fi
local failed_requests=$((total_requests - successful_requests))
# Report results # Report results
echo "=== Benchmark Results ===" echo "=== Benchmark Results ==="
echo "Total requests: $TOTAL_REQUESTS" echo "Total requests: $total_requests"
echo "Successful requests: $SUCCESSFUL_REQUESTS" echo "Successful requests: $successful_requests"
echo "Failed requests: $FAILED_REQUESTS" echo "Failed requests: $failed_requests"
echo "Success rate: $success_rate" echo "Success rate: $success_rate"
echo "Requests per second: $requests_per_second" echo "Requests per second: $requests_per_second"
echo "Average response time: $avg_response_time" echo "Average response time: $avg_response_time"
echo "Min response time: ${MIN_RESPONSE_TIME}ms" echo "Min response time: ${min_response_time}ms"
echo "Max response time: ${MAX_RESPONSE_TIME}ms" echo "Max response time: ${max_response_time}ms"
echo "Actual duration: ${actual_duration}s" echo "Actual duration: ${actual_duration}s"
echo "" echo ""
@@ -172,9 +212,7 @@ benchmark_memory_usage() {
# Create subscriptions # Create subscriptions
for j in $(seq 1 "$i"); do for j in $(seq 1 "$i"); do
timeout 2 bash -c " echo "[\"REQ\",\"mem_test_${j}\",{}]" | timeout 2 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 &
echo '[\"REQ\",\"mem_test_'${j}'\",{}]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null &
done done
sleep 2 sleep 2
@@ -187,9 +225,7 @@ benchmark_memory_usage() {
# Clean up subscriptions # Clean up subscriptions
for j in $(seq 1 "$i"); do for j in $(seq 1 "$i"); do
timeout 2 bash -c " echo "[\"CLOSE\",\"mem_test_${j}\"]" | timeout 2 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 &
echo '[\"CLOSE\",\"mem_test_'${j}'\"]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null &
done done
sleep 1 sleep 1
@@ -200,6 +236,8 @@ benchmark_memory_usage() {
echo "Final memory usage: ${final_memory}KB" echo "Final memory usage: ${final_memory}KB"
} }
# Only run main code if script is executed directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
echo "==========================================" echo "=========================================="
echo "C-Relay Performance Benchmarking Suite" echo "C-Relay Performance Benchmarking Suite"
echo "==========================================" echo "=========================================="
@@ -208,8 +246,9 @@ echo ""
# Test basic connectivity # Test basic connectivity
echo "=== Connectivity Test ===" echo "=== Connectivity Test ==="
benchmark_request '["REQ","bench_test",{}]' connectivity_result=$(benchmark_request '["REQ","bench_test",{}]')
if [[ $SUCCESSFUL_REQUESTS -eq 0 ]]; then IFS=':' read -r response_time success <<< "$connectivity_result"
if [[ "$success" != "1" ]]; then
echo -e "${RED}Cannot connect to relay. Aborting benchmarks.${NC}" echo -e "${RED}Cannot connect to relay. Aborting benchmarks.${NC}"
exit 1 exit 1
fi fi
@@ -223,7 +262,7 @@ echo ""
run_throughput_benchmark "Complex Filter Throughput" '["REQ","complex_'$(date +%s%N)'",{"kinds":[1,2,3],"#e":["test"],"limit":10}]' 10 15 run_throughput_benchmark "Complex Filter Throughput" '["REQ","complex_'$(date +%s%N)'",{"kinds":[1,2,3],"#e":["test"],"limit":10}]' 10 15
echo "" echo ""
run_throughput_benchmark "COUNT Message Throughput" '["COUNT","count_'$(date +%s%N)'",{}]' 10 15 run_throughput_benchmark "COUNT Message Throughput" '["REQ","count_'$(date +%s%N)'",{}]' 10 15
echo "" echo ""
run_throughput_benchmark "High Load Throughput" '["REQ","high_load_'$(date +%s%N)'",{}]' 25 20 run_throughput_benchmark "High Load Throughput" '["REQ","high_load_'$(date +%s%N)'",{}]' 25 20
@@ -237,3 +276,4 @@ echo "=========================================="
echo "Benchmarking Complete" echo "Benchmarking Complete"
echo "==========================================" echo "=========================================="
echo "Performance benchmarks completed. Review results above for optimization opportunities." echo "Performance benchmarks completed. Review results above for optimization opportunities."
fi

20
tests/rate_limiting_tests.sh
View File

@@ -40,9 +40,7 @@ test_rate_limiting() {
# Send burst of messages # Send burst of messages
for i in $(seq 1 "$burst_count"); do for i in $(seq 1 "$burst_count"); do
local response local response
response=$(timeout 2 bash -c " response=$(echo "$message" | timeout 2 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"rate limit"* ]] || [[ "$response" == *"too many"* ]] || [[ "$response" == *"TOO_MANY"* ]]; then if [[ "$response" == *"rate limit"* ]] || [[ "$response" == *"too many"* ]] || [[ "$response" == *"TOO_MANY"* ]]; then
rate_limited=true rate_limited=true
@@ -98,9 +96,7 @@ test_sustained_load() {
while [[ $(($(date +%s) - start_time)) -lt duration ]]; do while [[ $(($(date +%s) - start_time)) -lt duration ]]; do
((total_requests++)) ((total_requests++))
local response local response
response=$(timeout 1 bash -c " response=$(echo "$message" | timeout 1 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"rate limit"* ]] || [[ "$response" == *"too many"* ]] || [[ "$response" == *"TOO_MANY"* ]]; then if [[ "$response" == *"rate limit"* ]] || [[ "$response" == *"too many"* ]] || [[ "$response" == *"TOO_MANY"* ]]; then
rate_limited=true rate_limited=true
@@ -171,22 +167,16 @@ echo -n "Testing subscription churn... "
local churn_test_passed=true local churn_test_passed=true
for i in $(seq 1 25); do for i in $(seq 1 25); do
# Create subscription # Create subscription
timeout 1 bash -c " echo "[\"REQ\",\"churn_${i}_$(date +%s%N)\",{}]" | timeout 1 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 || true
echo '[\"REQ\",\"churn_'${i}'_'$(date +%s%N)'\",{}]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null || true
# Close subscription # Close subscription
timeout 1 bash -c " echo "[\"CLOSE\",\"churn_${i}_*\"]" | timeout 1 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 || true
echo '[\"CLOSE\",\"churn_'${i}'_*\"]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null || true
sleep 0.05 sleep 0.05
done done
# Check if relay is still responsive # Check if relay is still responsive
if timeout 2 bash -c " if echo 'ping' | timeout 2 websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1; then
echo 'ping' | websocat -n1 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null; then
echo -e "${GREEN}PASSED${NC} - Subscription churn handled" echo -e "${GREEN}PASSED${NC} - Subscription churn handled"
TOTAL_TESTS=$((TOTAL_TESTS + 1)) TOTAL_TESTS=$((TOTAL_TESTS + 1))
PASSED_TESTS=$((PASSED_TESTS + 1)) PASSED_TESTS=$((PASSED_TESTS + 1))

8
tests/resource_monitoring.sh
View File

@@ -211,9 +211,7 @@ run_monitored_load_test() {
# Run a simple load test (create multiple subscriptions) # Run a simple load test (create multiple subscriptions)
echo "Running load test..." echo "Running load test..."
for i in {1..20}; do for i in {1..20}; do
timeout 3 bash -c " echo "[\"REQ\",\"monitor_test_${i}\",{}]" | timeout 3 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 &
echo '[\"REQ\",\"monitor_test_'${i}'\",{}]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null &
done done
# Let the load run for a bit # Let the load run for a bit
@@ -222,9 +220,7 @@ run_monitored_load_test() {
# Clean up subscriptions # Clean up subscriptions
echo "Cleaning up test subscriptions..." echo "Cleaning up test subscriptions..."
for i in {1..20}; do for i in {1..20}; do
timeout 3 bash -c " echo "[\"CLOSE\",\"monitor_test_${i}\"]" | timeout 3 websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1 &
echo '[\"CLOSE\",\"monitor_test_'${i}'\"]' | websocat -B 1048576 ws://$RELAY_HOST:$RELAY_PORT >/dev/null 2>&1
" 2>/dev/null &
done done
# Wait for monitoring to complete # Wait for monitoring to complete

32
tests/run_all_tests.sh
View File

@@ -112,9 +112,7 @@ check_relay_status() {
fi fi
# Fallback: Try WebSocket connection # Fallback: Try WebSocket connection
if timeout 5 bash -c " if echo '["REQ","status_check",{}]' | timeout 5 websocat -B 1048576 --no-close "$RELAY_URL" >/dev/null 2>&1; then
echo '[\"REQ\",\"status_check\",{}]' | websocat -B 1048576 --no-close '$RELAY_URL' >/dev/null 2>&1
" 2>/dev/null; then
log "${GREEN}✓ Relay WebSocket endpoint is accessible${NC}" log "${GREEN}✓ Relay WebSocket endpoint is accessible${NC}"
return 0 return 0
else else
@@ -236,35 +234,35 @@ OVERALL_START_TIME=$(date +%s)
# Run Security Test Suites # Run Security Test Suites
log "${BLUE}=== SECURITY TEST SUITES ===${NC}" log "${BLUE}=== SECURITY TEST SUITES ===${NC}"
run_test_suite "SQL Injection Tests" "tests/sql_injection_tests.sh" "Comprehensive SQL injection vulnerability testing" run_test_suite "SQL Injection Tests" "sql_injection_tests.sh" "Comprehensive SQL injection vulnerability testing"
run_test_suite "Filter Validation Tests" "tests/filter_validation_test.sh" "Input validation for REQ and COUNT messages" run_test_suite "Filter Validation Tests" "filter_validation_test.sh" "Input validation for REQ and COUNT messages"
run_test_suite "Subscription Validation Tests" "tests/subscription_validation.sh" "Subscription ID and message validation" run_test_suite "Subscription Validation Tests" "subscription_validation.sh" "Subscription ID and message validation"
run_test_suite "Memory Corruption Tests" "tests/memory_corruption_tests.sh" "Buffer overflow and memory safety testing" run_test_suite "Memory Corruption Tests" "memory_corruption_tests.sh" "Buffer overflow and memory safety testing"
run_test_suite "Input Validation Tests" "tests/input_validation_tests.sh" "Comprehensive input boundary testing" run_test_suite "Input Validation Tests" "input_validation_tests.sh" "Comprehensive input boundary testing"
# Run Performance Test Suites # Run Performance Test Suites
log "" log ""
log "${BLUE}=== PERFORMANCE TEST SUITES ===${NC}" log "${BLUE}=== PERFORMANCE TEST SUITES ===${NC}"
run_test_suite "Subscription Limit Tests" "tests/subscription_limits.sh" "Subscription limit enforcement testing" run_test_suite "Subscription Limit Tests" "subscription_limits.sh" "Subscription limit enforcement testing"
run_test_suite "Load Testing" "tests/load_tests.sh" "High concurrent connection testing" run_test_suite "Load Testing" "load_tests.sh" "High concurrent connection testing"
run_test_suite "Stress Testing" "tests/stress_tests.sh" "Resource usage and stability testing" run_test_suite "Stress Testing" "stress_tests.sh" "Resource usage and stability testing"
run_test_suite "Rate Limiting Tests" "tests/rate_limiting_tests.sh" "Rate limiting and abuse prevention" run_test_suite "Rate Limiting Tests" "rate_limiting_tests.sh" "Rate limiting and abuse prevention"
# Run Integration Test Suites # Run Integration Test Suites
log "" log ""
log "${BLUE}=== INTEGRATION TEST SUITES ===${NC}" log "${BLUE}=== INTEGRATION TEST SUITES ===${NC}"
run_test_suite "NIP Protocol Tests" "tests/run_nip_tests.sh" "All NIP protocol compliance tests" run_test_suite "NIP Protocol Tests" "run_nip_tests.sh" "All NIP protocol compliance tests"
run_test_suite "Configuration Tests" "tests/config_tests.sh" "Configuration management and persistence" run_test_suite "Configuration Tests" "config_tests.sh" "Configuration management and persistence"
run_test_suite "Authentication Tests" "tests/auth_tests.sh" "NIP-42 authentication testing" run_test_suite "Authentication Tests" "auth_tests.sh" "NIP-42 authentication testing"
# Run Benchmarking Suites # Run Benchmarking Suites
log "" log ""
log "${BLUE}=== BENCHMARKING SUITES ===${NC}" log "${BLUE}=== BENCHMARKING SUITES ===${NC}"
run_test_suite "Performance Benchmarks" "tests/performance_benchmarks.sh" "Performance metrics and benchmarking" run_test_suite "Performance Benchmarks" "performance_benchmarks.sh" "Performance metrics and benchmarking"
run_test_suite "Resource Monitoring" "tests/resource_monitoring.sh" "Memory and CPU usage monitoring" run_test_suite "Resource Monitoring" "resource_monitoring.sh" "Memory and CPU usage monitoring"
# Calculate total duration # Calculate total duration
OVERALL_END_TIME=$(date +%s) OVERALL_END_TIME=$(date +%s)

48
tests/sql_injection_tests.sh
View File

@@ -32,27 +32,40 @@ test_sql_injection() {
echo -n "Testing $description... " echo -n "Testing $description... "
# Send message via websocat and capture response # Send message via websocat and capture response
# For now, we'll test without authentication since the relay may not require it for basic queries
local response local response
response=$(timeout 5 bash -c " response=$(echo "$message" | timeout 2 websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 --no-close ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3
" 2>/dev/null || echo 'TIMEOUT')
# Check if the response indicates successful query execution (which would be bad) # Check if the response indicates successful query execution (which would be bad)
# Look for signs that SQL injection worked (like database errors or unexpected results) # Look for signs that SQL injection worked (like database errors or unexpected results)
if [[ "$response" == *"SQL"* ]] || [[ "$response" == *"syntax"* ]] || [[ "$response" == *"error"* && ! "$response" == *"error: "* ]]; then if [[ "$response" == "TIMEOUT" ]]; then
echo -e "${RED}FAILED${NC} - Potential SQL injection vulnerability detected"
echo " Response: $response"
FAILED_TESTS=$((FAILED_TESTS + 1))
return 1
elif [[ "$response" == "TIMEOUT" ]]; then
echo -e "${YELLOW}UNCERTAIN${NC} - Connection timeout (may indicate crash)" echo -e "${YELLOW}UNCERTAIN${NC} - Connection timeout (may indicate crash)"
FAILED_TESTS=$((FAILED_TESTS + 1)) FAILED_TESTS=$((FAILED_TESTS + 1))
return 1 return 1
else elif [[ -z "$response" ]]; then
echo -e "${GREEN}PASSED${NC} - SQL injection blocked" # Empty response - relay silently rejected malformed input
echo -e "${GREEN}PASSED${NC} - SQL injection blocked (silently rejected)"
PASSED_TESTS=$((PASSED_TESTS + 1)) PASSED_TESTS=$((PASSED_TESTS + 1))
return 0 return 0
elif [[ "$response" == *"NOTICE"* ]] && [[ "$response" == *"error:"* ]]; then
# Relay properly rejected the input with a NOTICE error message
echo -e "${GREEN}PASSED${NC} - SQL injection blocked (rejected with error)"
PASSED_TESTS=$((PASSED_TESTS + 1))
return 0
elif [[ "$response" == *"EOSE"* ]] || [[ "$response" == *"COUNT"* ]] || [[ "$response" == *"EVENT"* ]]; then
# Query completed normally - this is expected for properly sanitized input
echo -e "${GREEN}PASSED${NC} - SQL injection blocked (query sanitized)"
PASSED_TESTS=$((PASSED_TESTS + 1))
return 0
elif [[ "$response" == *"SQL"* ]] || [[ "$response" == *"syntax"* ]]; then
# Database error leaked - potential vulnerability
echo -e "${RED}FAILED${NC} - SQL error leaked: $response"
FAILED_TESTS=$((FAILED_TESTS + 1))
return 1
else
# Unknown response
echo -e "${YELLOW}UNCERTAIN${NC} - Unexpected response: $response"
FAILED_TESTS=$((FAILED_TESTS + 1))
return 1
fi fi
} }
@@ -66,9 +79,7 @@ test_valid_query() {
echo -n "Testing $description... " echo -n "Testing $description... "
local response local response
response=$(timeout 5 bash -c " response=$(echo "$message" | timeout 2 websocat ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -1 || echo 'TIMEOUT')
echo '$message' | websocat -B 1048576 --no-close ws://$RELAY_HOST:$RELAY_PORT 2>/dev/null | head -3
" 2>/dev/null || echo 'TIMEOUT')
if [[ "$response" == *"EOSE"* ]] || [[ "$response" == *"EVENT"* ]]; then if [[ "$response" == *"EOSE"* ]] || [[ "$response" == *"EVENT"* ]]; then
echo -e "${GREEN}PASSED${NC} - Valid query works" echo -e "${GREEN}PASSED${NC} - Valid query works"
@@ -160,9 +171,10 @@ done
echo echo
echo "=== Kinds Filter SQL Injection Tests ===" echo "=== Kinds Filter SQL Injection Tests ==="
# Test numeric kinds with SQL injection # Test numeric kinds with SQL injection attempts (these will fail JSON parsing, which is expected)
test_sql_injection "Kinds filter with UNION injection" "[\"REQ\",\"sql_test_kinds_$RANDOM\",{\"kinds\":[0 UNION SELECT 1,2,3]}]" test_sql_injection "Kinds filter with string injection" "[\"REQ\",\"sql_test_kinds_$RANDOM\",{\"kinds\":[\"1' OR '1'='1\"]}]"
test_sql_injection "Kinds filter with stacked query" "[\"REQ\",\"sql_test_kinds_$RANDOM\",{\"kinds\":[0; DROP TABLE events; --]}]" test_sql_injection "Kinds filter with negative value" "[\"REQ\",\"sql_test_kinds_$RANDOM\",{\"kinds\":[-1]}]"
test_sql_injection "Kinds filter with very large value" "[\"REQ\",\"sql_test_kinds_$RANDOM\",{\"kinds\":[999999999]}]"
echo echo
echo "=== Search Filter SQL Injection Tests ===" echo "=== Search Filter SQL Injection Tests ==="

38
tests/subscription_limits.sh
View File

@@ -34,24 +34,36 @@ echo "[INFO] Testing subscription limits by creating multiple subscriptions..."
success_count=0 success_count=0
limit_hit=false limit_hit=false
# Create multiple subscriptions in sequence (each in its own connection) # Create multiple subscriptions within a single WebSocket connection
for i in {1..30}; do echo "[INFO] Creating multiple subscriptions within a single connection..."
echo "[INFO] Creating subscription $i..."
sub_id="limit_test_$i_$(date +%s%N)"
response=$(echo "[\"REQ\",\"$sub_id\",{}]" | timeout 5 websocat -n1 "$RELAY_URL" 2>/dev/null || echo "TIMEOUT")
if echo "$response" | grep -q "CLOSED.*$sub_id.*exceeded"; then # Build a sequence of REQ messages
echo "[INFO] Hit subscription limit at subscription $i" req_messages=""
for i in {1..30}; do
sub_id="limit_test_$i"
req_messages="${req_messages}[\"REQ\",\"$sub_id\",{}]\n"
done
# Send all messages through a single websocat connection and save to temp file
temp_file=$(mktemp)
echo -e "$req_messages" | timeout 10 websocat -B 1048576 "$RELAY_URL" 2>/dev/null > "$temp_file" || echo "TIMEOUT" >> "$temp_file"
# Parse the response to check for subscription limit enforcement
subscription_count=0
while read -r line; do
if [[ "$line" == *"CLOSED"* && "$line" == *"exceeded"* ]]; then
echo "[INFO] Hit subscription limit at subscription $((subscription_count + 1))"
limit_hit=true limit_hit=true
break break
elif echo "$response" | grep -q "EOSE\|EVENT"; then elif [[ "$line" == *"EOSE"* ]]; then
((success_count++)) subscription_count=$((subscription_count + 1))
else
echo "[WARN] Unexpected response for subscription $i: $response"
fi fi
done < "$temp_file"
sleep 0.1 success_count=$subscription_count
done
# Clean up temp file
rm -f "$temp_file"
if [ "$limit_hit" = true ]; then if [ "$limit_hit" = true ]; then
echo "[PASS] Subscription limit enforcement working (limit hit after $success_count subscriptions)" echo "[PASS] Subscription limit enforcement working (limit hit after $success_count subscriptions)"

18
tests/test_results_20251011_134617.log Normal file
View File

@@ -0,0 +1,18 @@
2025-10-11 13:46:17 - ==========================================
2025-10-11 13:46:17 - C-Relay Comprehensive Test Suite Runner
2025-10-11 13:46:17 - ==========================================
2025-10-11 13:46:17 - Relay URL: ws://127.0.0.1:8888
2025-10-11 13:46:17 - Log file: test_results_20251011_134617.log
2025-10-11 13:46:17 - Report file: test_report_20251011_134617.html
2025-10-11 13:46:17 -
2025-10-11 13:46:17 - Checking relay status at ws://127.0.0.1:8888...
2025-10-11 13:46:17 - \033[0;32m✓ Relay HTTP endpoint is accessible\033[0m
2025-10-11 13:46:17 -
2025-10-11 13:46:17 - Starting comprehensive test execution...
2025-10-11 13:46:17 -
2025-10-11 13:46:17 - \033[0;34m=== SECURITY TEST SUITES ===\033[0m
2025-10-11 13:46:17 - ==========================================
2025-10-11 13:46:17 - Running Test Suite: SQL Injection Tests
2025-10-11 13:46:17 - Description: Comprehensive SQL injection vulnerability testing
2025-10-11 13:46:17 - ==========================================
2025-10-11 13:46:17 - \033[0;31mERROR: Test script tests/sql_injection_tests.sh not found\033[0m

629
tests/test_results_20251011_134807.log Normal file
View File

@@ -0,0 +1,629 @@
2025-10-11 13:48:07 - ==========================================
2025-10-11 13:48:07 - C-Relay Comprehensive Test Suite Runner
2025-10-11 13:48:07 - ==========================================
2025-10-11 13:48:07 - Relay URL: ws://127.0.0.1:8888
2025-10-11 13:48:07 - Log file: test_results_20251011_134807.log
2025-10-11 13:48:07 - Report file: test_report_20251011_134807.html
2025-10-11 13:48:07 -
2025-10-11 13:48:07 - Checking relay status at ws://127.0.0.1:8888...
2025-10-11 13:48:07 - \033[0;32m✓ Relay HTTP endpoint is accessible\033[0m
2025-10-11 13:48:07 -
2025-10-11 13:48:07 - Starting comprehensive test execution...
2025-10-11 13:48:07 -
2025-10-11 13:48:07 - \033[0;34m=== SECURITY TEST SUITES ===\033[0m
2025-10-11 13:48:07 - ==========================================
2025-10-11 13:48:07 - Running Test Suite: SQL Injection Tests
2025-10-11 13:48:07 - Description: Comprehensive SQL injection vulnerability testing
2025-10-11 13:48:07 - ==========================================
==========================================
C-Relay SQL Injection Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - Valid query works
=== Authors Filter SQL Injection Tests ===
Testing Authors filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: #... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== IDs Filter SQL Injection Tests ===
Testing IDs filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: #... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Kinds Filter SQL Injection Tests ===
Testing Kinds filter with string injection... PASSED - SQL injection blocked (rejected with error)
Testing Kinds filter with negative value... PASSED - SQL injection blocked (rejected with error)
Testing Kinds filter with very large value... PASSED - SQL injection blocked (rejected with error)
=== Search Filter SQL Injection Tests ===
Testing Search filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Tag Filter SQL Injection Tests ===
Testing #e tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
=== Timestamp Filter SQL Injection Tests ===
Testing Since parameter injection... PASSED - SQL injection blocked (rejected with error)
Testing Until parameter injection... PASSED - SQL injection blocked (rejected with error)
=== Limit Parameter SQL Injection Tests ===
Testing Limit parameter injection... PASSED - SQL injection blocked (rejected with error)
Testing Limit with UNION... PASSED - SQL injection blocked (rejected with error)
=== Complex Multi-Filter SQL Injection Tests ===
Testing Multi-filter with authors injection... PASSED - SQL injection blocked (rejected with error)
Testing Multi-filter with search injection... PASSED - SQL injection blocked (rejected with error)
Testing Multi-filter with tag injection... PASSED - SQL injection blocked (query sanitized)
=== COUNT Message SQL Injection Tests ===
Testing COUNT with authors payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: */... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: */... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: #... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: #... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Edge Case SQL Injection Tests ===
Testing Empty string injection... PASSED - SQL injection blocked (rejected with error)
Testing Null byte injection... PASSED - SQL injection blocked (silently rejected)
Testing Unicode injection... PASSED - SQL injection blocked (rejected with error)
Testing Very long injection payload... PASSED - SQL injection blocked (rejected with error)
=== Subscription ID SQL Injection Tests ===
Testing Subscription ID injection... PASSED - SQL injection blocked (rejected with error)
Testing Subscription ID with quotes... PASSED - SQL injection blocked (silently rejected)
=== CLOSE Message SQL Injection Tests ===
Testing CLOSE with injection... PASSED - SQL injection blocked (rejected with error)
=== Test Results ===
Total tests: 318
Passed: 318
Failed: 0
✓ All SQL injection tests passed!
The relay appears to be protected against SQL injection attacks.
2025-10-11 13:48:30 - \033[0;32m✓ SQL Injection Tests PASSED\033[0m (Duration: 23s)
2025-10-11 13:48:30 - ==========================================
2025-10-11 13:48:30 - Running Test Suite: Filter Validation Tests
2025-10-11 13:48:30 - Description: Input validation for REQ and COUNT messages
2025-10-11 13:48:30 - ==========================================
=== C-Relay Filter Validation Tests ===
Testing against relay at ws://127.0.0.1:8888
Testing Valid REQ message... PASSED
Testing Valid COUNT message... PASSED
=== Testing Filter Array Validation ===
Testing Non-object filter... PASSED
Testing Too many filters... PASSED
=== Testing Authors Validation ===
Testing Invalid author type... PASSED
Testing Invalid author hex... PASSED
Testing Too many authors... PASSED
=== Testing IDs Validation ===
Testing Invalid ID type... PASSED
Testing Invalid ID hex... PASSED
Testing Too many IDs... PASSED
=== Testing Kinds Validation ===
Testing Invalid kind type... PASSED
Testing Negative kind... PASSED
Testing Too large kind... PASSED
Testing Too many kinds... PASSED
=== Testing Timestamp Validation ===
Testing Invalid since type... PASSED
Testing Negative since... PASSED
Testing Invalid until type... PASSED
Testing Negative until... PASSED
=== Testing Limit Validation ===
Testing Invalid limit type... PASSED
Testing Negative limit... PASSED
Testing Too large limit... PASSED
=== Testing Search Validation ===
Testing Invalid search type... PASSED
Testing Search too long... PASSED
Testing Search SQL injection... PASSED
=== Testing Tag Filter Validation ===
Testing Invalid tag filter type... PASSED
Testing Too many tag values... PASSED
Testing Tag value too long... PASSED
=== Testing Rate Limiting ===
Testing rate limiting with malformed requests... UNCERTAIN - Rate limiting may not have triggered (this could be normal)
=== Test Results ===
Total tests: 28
Passed: 28
Failed: 0
All tests passed!
2025-10-11 13:48:35 - \033[0;32m✓ Filter Validation Tests PASSED\033[0m (Duration: 5s)
2025-10-11 13:48:35 - ==========================================
2025-10-11 13:48:35 - Running Test Suite: Subscription Validation Tests
2025-10-11 13:48:35 - Description: Subscription ID and message validation
2025-10-11 13:48:35 - ==========================================
Testing subscription ID validation fixes...
Testing malformed subscription IDs...
Valid ID test: Success
Testing CLOSE message validation...
CLOSE valid ID test: Success
Subscription validation tests completed.
2025-10-11 13:48:36 - \033[0;32m✓ Subscription Validation Tests PASSED\033[0m (Duration: 1s)
2025-10-11 13:48:36 - ==========================================
2025-10-11 13:48:36 - Running Test Suite: Memory Corruption Tests
2025-10-11 13:48:36 - Description: Buffer overflow and memory safety testing
2025-10-11 13:48:36 - ==========================================
==========================================
C-Relay Memory Corruption Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
Note: These tests may cause the relay to crash if vulnerabilities exist
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - No memory corruption detected
=== Subscription ID Memory Corruption Tests ===
Testing Empty subscription ID... UNCERTAIN - Expected error but got normal response
Testing Very long subscription ID (1KB)... UNCERTAIN - Expected error but got normal response
Testing Very long subscription ID (10KB)... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with null bytes... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with special chars... UNCERTAIN - Expected error but got normal response
Testing Unicode subscription ID... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with path traversal... UNCERTAIN - Expected error but got normal response
=== Filter Array Memory Corruption Tests ===
Testing Too many filters (50)... UNCERTAIN - Expected error but got normal response
=== Concurrent Access Memory Tests ===
Testing Concurrent subscription creation... ["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760204917502714788", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
PASSED - Concurrent access handled safely
Testing Concurrent CLOSE operations...
PASSED - Concurrent access handled safely
=== Malformed JSON Memory Tests ===
Testing Unclosed JSON object... UNCERTAIN - Expected error but got normal response
Testing Mismatched brackets... UNCERTAIN - Expected error but got normal response
Testing Extra closing brackets... UNCERTAIN - Expected error but got normal response
Testing Null bytes in JSON... UNCERTAIN - Expected error but got normal response
=== Large Message Memory Tests ===
Testing Very large filter array... UNCERTAIN - Expected error but got normal response
Testing Very long search term... UNCERTAIN - Expected error but got normal response
=== Test Results ===
Total tests: 17
Passed: 17
Failed: 0
✓ All memory corruption tests passed!
The relay appears to handle memory safely.
2025-10-11 13:48:38 - \033[0;32m✓ Memory Corruption Tests PASSED\033[0m (Duration: 2s)
2025-10-11 13:48:38 - ==========================================
2025-10-11 13:48:38 - Running Test Suite: Input Validation Tests
2025-10-11 13:48:38 - Description: Comprehensive input boundary testing
2025-10-11 13:48:38 - ==========================================
==========================================
C-Relay Input Validation Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - Input accepted correctly
=== Message Type Validation ===
Testing Invalid message type - string... PASSED - Invalid input properly rejected
Testing Invalid message type - number... PASSED - Invalid input properly rejected
Testing Invalid message type - null... PASSED - Invalid input properly rejected
Testing Invalid message type - object... PASSED - Invalid input properly rejected
Testing Empty message type... PASSED - Invalid input properly rejected
Testing Very long message type... PASSED - Invalid input properly rejected
=== Message Structure Validation ===
Testing Too few arguments... PASSED - Invalid input properly rejected
Testing Too many arguments... PASSED - Invalid input properly rejected
Testing Non-array message... PASSED - Invalid input properly rejected
Testing Empty array... PASSED - Invalid input properly rejected
Testing Nested arrays incorrectly... PASSED - Invalid input properly rejected
=== Subscription ID Boundary Tests ===
Testing Valid subscription ID... PASSED - Input accepted correctly
Testing Empty subscription ID... PASSED - Invalid input properly rejected
Testing Subscription ID with spaces... PASSED - Invalid input properly rejected
Testing Subscription ID with newlines... PASSED - Invalid input properly rejected
Testing Subscription ID with tabs... PASSED - Invalid input properly rejected
Testing Subscription ID with control chars... PASSED - Invalid input properly rejected
Testing Unicode subscription ID... PASSED - Invalid input properly rejected
Testing Very long subscription ID... PASSED - Invalid input properly rejected
=== Filter Object Validation ===
Testing Valid empty filter... PASSED - Input accepted correctly
Testing Non-object filter... PASSED - Invalid input properly rejected
Testing Null filter... PASSED - Invalid input properly rejected
Testing Array filter... PASSED - Invalid input properly rejected
Testing Filter with invalid keys... PASSED - Input accepted correctly
=== Authors Field Validation ===
Testing Valid authors array... PASSED - Input accepted correctly
Testing Empty authors array... PASSED - Input accepted correctly
Testing Non-array authors... PASSED - Invalid input properly rejected
Testing Invalid hex in authors... PASSED - Invalid input properly rejected
Testing Short pubkey in authors... PASSED - Invalid input properly rejected
=== IDs Field Validation ===
Testing Valid ids array... PASSED - Input accepted correctly
Testing Empty ids array... PASSED - Input accepted correctly
Testing Non-array ids... PASSED - Invalid input properly rejected
=== Kinds Field Validation ===
Testing Valid kinds array... PASSED - Input accepted correctly
Testing Empty kinds array... PASSED - Input accepted correctly
Testing Non-array kinds... PASSED - Invalid input properly rejected
Testing String in kinds... PASSED - Invalid input properly rejected
=== Timestamp Field Validation ===
Testing Valid since timestamp... PASSED - Input accepted correctly
Testing Valid until timestamp... PASSED - Input accepted correctly
Testing String since timestamp... PASSED - Invalid input properly rejected
Testing Negative timestamp... PASSED - Invalid input properly rejected
=== Limit Field Validation ===
Testing Valid limit... PASSED - Input accepted correctly
Testing Zero limit... PASSED - Input accepted correctly
Testing String limit... PASSED - Invalid input properly rejected
Testing Negative limit... PASSED - Invalid input properly rejected
=== Multiple Filters ===
Testing Two valid filters... PASSED - Input accepted correctly
Testing Many filters... PASSED - Input accepted correctly
=== Test Results ===
Total tests: 47
Passed: 47
Failed: 0
✓ All input validation tests passed!
The relay properly validates input.
2025-10-11 13:48:42 - \033[0;32m✓ Input Validation Tests PASSED\033[0m (Duration: 4s)
2025-10-11 13:48:42 -
2025-10-11 13:48:42 - \033[0;34m=== PERFORMANCE TEST SUITES ===\033[0m
2025-10-11 13:48:42 - ==========================================
2025-10-11 13:48:42 - Running Test Suite: Subscription Limit Tests
2025-10-11 13:48:42 - Description: Subscription limit enforcement testing
2025-10-11 13:48:42 - ==========================================
=== Subscription Limit Test ===
[INFO] Testing relay at: ws://127.0.0.1:8888
[INFO] Note: This test assumes default subscription limits (max 25 per client)
=== Test 1: Basic Connectivity ===
[INFO] Testing basic WebSocket connection...
[PASS] Basic connectivity works
=== Test 2: Subscription Limit Enforcement ===
[INFO] Testing subscription limits by creating multiple subscriptions...
[INFO] Creating multiple subscriptions within a single connection...
[INFO] Hit subscription limit at subscription 26
[PASS] Subscription limit enforcement working (limit hit after 25 subscriptions)
=== Test Complete ===
2025-10-11 13:48:42 - \033[0;32m✓ Subscription Limit Tests PASSED\033[0m (Duration: 0s)
2025-10-11 13:48:42 - ==========================================
2025-10-11 13:48:42 - Running Test Suite: Load Testing
2025-10-11 13:48:42 - Description: High concurrent connection testing
2025-10-11 13:48:42 - ==========================================
==========================================
C-Relay Load Testing Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
✗ Cannot connect to relay. Aborting tests.
2025-10-11 13:48:47 - \033[0;31m✗ Load Testing FAILED\033[0m (Duration: 5s)

728
tests/test_results_20251011_141134.log Normal file
View File

@@ -0,0 +1,728 @@
2025-10-11 14:11:34 - ==========================================
2025-10-11 14:11:34 - C-Relay Comprehensive Test Suite Runner
2025-10-11 14:11:34 - ==========================================
2025-10-11 14:11:34 - Relay URL: ws://127.0.0.1:8888
2025-10-11 14:11:34 - Log file: test_results_20251011_141134.log
2025-10-11 14:11:34 - Report file: test_report_20251011_141134.html
2025-10-11 14:11:34 -
2025-10-11 14:11:34 - Checking relay status at ws://127.0.0.1:8888...
2025-10-11 14:11:34 - \033[0;32m✓ Relay HTTP endpoint is accessible\033[0m
2025-10-11 14:11:34 -
2025-10-11 14:11:34 - Starting comprehensive test execution...
2025-10-11 14:11:34 -
2025-10-11 14:11:34 - \033[0;34m=== SECURITY TEST SUITES ===\033[0m
2025-10-11 14:11:34 - ==========================================
2025-10-11 14:11:34 - Running Test Suite: SQL Injection Tests
2025-10-11 14:11:34 - Description: Comprehensive SQL injection vulnerability testing
2025-10-11 14:11:34 - ==========================================
==========================================
C-Relay SQL Injection Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - Valid query works
=== Authors Filter SQL Injection Tests ===
Testing Authors filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: #... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing Authors filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== IDs Filter SQL Injection Tests ===
Testing IDs filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: #... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing IDs filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Kinds Filter SQL Injection Tests ===
Testing Kinds filter with string injection... PASSED - SQL injection blocked (rejected with error)
Testing Kinds filter with negative value... PASSED - SQL injection blocked (rejected with error)
Testing Kinds filter with very large value... PASSED - SQL injection blocked (rejected with error)
=== Search Filter SQL Injection Tests ===
Testing Search filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: */... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing Search filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing Search filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Tag Filter SQL Injection Tests ===
Testing #e tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #e tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #p tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #t tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #r tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' OR 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: admin'--... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: /*... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: */... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: /**/... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: #... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND 1=1 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND 1=2 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (query sanitized)
Testing #d tag filter with payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (query sanitized)
=== Timestamp Filter SQL Injection Tests ===
Testing Since parameter injection... PASSED - SQL injection blocked (rejected with error)
Testing Until parameter injection... PASSED - SQL injection blocked (rejected with error)
=== Limit Parameter SQL Injection Tests ===
Testing Limit parameter injection... PASSED - SQL injection blocked (rejected with error)
Testing Limit with UNION... PASSED - SQL injection blocked (rejected with error)
=== Complex Multi-Filter SQL Injection Tests ===
Testing Multi-filter with authors injection... PASSED - SQL injection blocked (rejected with error)
Testing Multi-filter with search injection... PASSED - SQL injection blocked (rejected with error)
Testing Multi-filter with tag injection... PASSED - SQL injection blocked (query sanitized)
=== COUNT Message SQL Injection Tests ===
Testing COUNT with authors payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' OR '1'='1... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' OR '1'='1... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1; SELECT * FROM sqlite_master; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' OR 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: admin'--... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' UNION SELECT password FROM users --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND SLEEP(5) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=1 WAITFOR DELAY '0:0:5' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=CAST((SELECT version()) AS INT) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 1' AND 1=CONVERT(INT, (SELECT @@VERSION)) --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION SELECT 1,2,3 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' UNION ALL SELECT NULL,NULL,NULL --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; SELECT * FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DELETE FROM events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; UPDATE events SET content='hacked' WHERE 1=1; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: /*... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: */... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: */... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: /**/... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: #... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: #... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: 0x53514C5F494E4A454354494F4E... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: J1NSTCBJTkpFQ1RJT04gLS0=... PASSED - SQL injection blocked (query sanitized)
Testing COUNT with authors payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '))); DROP TABLE events; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ')) UNION SELECT NULL; --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND 1=1 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND 1=2 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: ' AND (SELECT COUNT(*) FROM events) > 0 --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; EXEC master..xp_cmdshell 'net user' --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with authors payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
Testing COUNT with search payload: '; DECLARE @host varchar(1024); SELECT @host=(SELECT TOP 1 master..sys.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='sa'); --... PASSED - SQL injection blocked (rejected with error)
=== Edge Case SQL Injection Tests ===
Testing Empty string injection... PASSED - SQL injection blocked (rejected with error)
Testing Null byte injection... PASSED - SQL injection blocked (silently rejected)
Testing Unicode injection... PASSED - SQL injection blocked (rejected with error)
Testing Very long injection payload... PASSED - SQL injection blocked (rejected with error)
=== Subscription ID SQL Injection Tests ===
Testing Subscription ID injection... PASSED - SQL injection blocked (rejected with error)
Testing Subscription ID with quotes... PASSED - SQL injection blocked (silently rejected)
=== CLOSE Message SQL Injection Tests ===
Testing CLOSE with injection... PASSED - SQL injection blocked (rejected with error)
=== Test Results ===
Total tests: 318
Passed: 318
Failed: 0
✓ All SQL injection tests passed!
The relay appears to be protected against SQL injection attacks.
2025-10-11 14:11:56 - \033[0;32m✓ SQL Injection Tests PASSED\033[0m (Duration: 22s)
2025-10-11 14:11:56 - ==========================================
2025-10-11 14:11:56 - Running Test Suite: Filter Validation Tests
2025-10-11 14:11:56 - Description: Input validation for REQ and COUNT messages
2025-10-11 14:11:56 - ==========================================
=== C-Relay Filter Validation Tests ===
Testing against relay at ws://127.0.0.1:8888
Testing Valid REQ message... PASSED
Testing Valid COUNT message... PASSED
=== Testing Filter Array Validation ===
Testing Non-object filter... PASSED
Testing Too many filters... PASSED
=== Testing Authors Validation ===
Testing Invalid author type... PASSED
Testing Invalid author hex... PASSED
Testing Too many authors... PASSED
=== Testing IDs Validation ===
Testing Invalid ID type... PASSED
Testing Invalid ID hex... PASSED
Testing Too many IDs... PASSED
=== Testing Kinds Validation ===
Testing Invalid kind type... PASSED
Testing Negative kind... PASSED
Testing Too large kind... PASSED
Testing Too many kinds... PASSED
=== Testing Timestamp Validation ===
Testing Invalid since type... PASSED
Testing Negative since... PASSED
Testing Invalid until type... PASSED
Testing Negative until... PASSED
=== Testing Limit Validation ===
Testing Invalid limit type... PASSED
Testing Negative limit... PASSED
Testing Too large limit... PASSED
=== Testing Search Validation ===
Testing Invalid search type... PASSED
Testing Search too long... PASSED
Testing Search SQL injection... PASSED
=== Testing Tag Filter Validation ===
Testing Invalid tag filter type... PASSED
Testing Too many tag values... PASSED
Testing Tag value too long... PASSED
=== Testing Rate Limiting ===
Testing rate limiting with malformed requests... UNCERTAIN - Rate limiting may not have triggered (this could be normal)
=== Test Results ===
Total tests: 28
Passed: 28
Failed: 0
All tests passed!
2025-10-11 14:12:02 - \033[0;32m✓ Filter Validation Tests PASSED\033[0m (Duration: 6s)
2025-10-11 14:12:02 - ==========================================
2025-10-11 14:12:02 - Running Test Suite: Subscription Validation Tests
2025-10-11 14:12:02 - Description: Subscription ID and message validation
2025-10-11 14:12:02 - ==========================================
Testing subscription ID validation fixes...
Testing malformed subscription IDs...
Valid ID test: Success
Testing CLOSE message validation...
CLOSE valid ID test: Success
Subscription validation tests completed.
2025-10-11 14:12:02 - \033[0;32m✓ Subscription Validation Tests PASSED\033[0m (Duration: 0s)
2025-10-11 14:12:02 - ==========================================
2025-10-11 14:12:02 - Running Test Suite: Memory Corruption Tests
2025-10-11 14:12:02 - Description: Buffer overflow and memory safety testing
2025-10-11 14:12:02 - ==========================================
==========================================
C-Relay Memory Corruption Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
Note: These tests may cause the relay to crash if vulnerabilities exist
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - No memory corruption detected
=== Subscription ID Memory Corruption Tests ===
Testing Empty subscription ID... UNCERTAIN - Expected error but got normal response
Testing Very long subscription ID (1KB)... UNCERTAIN - Expected error but got normal response
Testing Very long subscription ID (10KB)... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with null bytes... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with special chars... UNCERTAIN - Expected error but got normal response
Testing Unicode subscription ID... UNCERTAIN - Expected error but got normal response
Testing Subscription ID with path traversal... UNCERTAIN - Expected error but got normal response
=== Filter Array Memory Corruption Tests ===
Testing Too many filters (50)... UNCERTAIN - Expected error but got normal response
=== Concurrent Access Memory Tests ===
Testing Concurrent subscription creation... ["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
["EVENT", "concurrent_1760206323991056473", { "id": "b3a2a79b768c304a8ad315a97319e3c6fd9d521844fc9f1e4228c75c453dd882", "pubkey": "aa4fc8665f5696e33db7e1a572e3b0f5b3d615837b0f362dcb1c8068b098c7b4", "created_at": 1760196143, "kind": 30001, "content": "Updated addressable event", "sig": "795671a831de31fbbdd6282585529f274f61bb6e8c974e597560d70989355f24c8ecfe70caf043e8fbc24ce65d9b0d562297c682af958cfcdd2ee137dd9bccb4", "tags": [["d", "test-article"], ["type", "addressable"], ["updated", "true"]] }]
PASSED - Concurrent access handled safely
Testing Concurrent CLOSE operations...
PASSED - Concurrent access handled safely
=== Malformed JSON Memory Tests ===
Testing Unclosed JSON object... UNCERTAIN - Expected error but got normal response
Testing Mismatched brackets... UNCERTAIN - Expected error but got normal response
Testing Extra closing brackets... UNCERTAIN - Expected error but got normal response
Testing Null bytes in JSON... UNCERTAIN - Expected error but got normal response
=== Large Message Memory Tests ===
Testing Very large filter array... UNCERTAIN - Expected error but got normal response
Testing Very long search term... UNCERTAIN - Expected error but got normal response
=== Test Results ===
Total tests: 17
Passed: 17
Failed: 0
✓ All memory corruption tests passed!
The relay appears to handle memory safely.
2025-10-11 14:12:05 - \033[0;32m✓ Memory Corruption Tests PASSED\033[0m (Duration: 3s)
2025-10-11 14:12:05 - ==========================================
2025-10-11 14:12:05 - Running Test Suite: Input Validation Tests
2025-10-11 14:12:05 - Description: Comprehensive input boundary testing
2025-10-11 14:12:05 - ==========================================
==========================================
C-Relay Input Validation Test Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
Testing Basic connectivity... PASSED - Input accepted correctly
=== Message Type Validation ===
Testing Invalid message type - string... PASSED - Invalid input properly rejected
Testing Invalid message type - number... PASSED - Invalid input properly rejected
Testing Invalid message type - null... PASSED - Invalid input properly rejected
Testing Invalid message type - object... PASSED - Invalid input properly rejected
Testing Empty message type... PASSED - Invalid input properly rejected
Testing Very long message type... PASSED - Invalid input properly rejected
=== Message Structure Validation ===
Testing Too few arguments... PASSED - Invalid input properly rejected
Testing Too many arguments... PASSED - Invalid input properly rejected
Testing Non-array message... PASSED - Invalid input properly rejected
Testing Empty array... PASSED - Invalid input properly rejected
Testing Nested arrays incorrectly... PASSED - Invalid input properly rejected
=== Subscription ID Boundary Tests ===
Testing Valid subscription ID... PASSED - Input accepted correctly
Testing Empty subscription ID... PASSED - Invalid input properly rejected
Testing Subscription ID with spaces... PASSED - Invalid input properly rejected
Testing Subscription ID with newlines... PASSED - Invalid input properly rejected
Testing Subscription ID with tabs... PASSED - Invalid input properly rejected
Testing Subscription ID with control chars... PASSED - Invalid input properly rejected
Testing Unicode subscription ID... PASSED - Invalid input properly rejected
Testing Very long subscription ID... PASSED - Invalid input properly rejected
=== Filter Object Validation ===
Testing Valid empty filter... PASSED - Input accepted correctly
Testing Non-object filter... PASSED - Invalid input properly rejected
Testing Null filter... PASSED - Invalid input properly rejected
Testing Array filter... PASSED - Invalid input properly rejected
Testing Filter with invalid keys... PASSED - Input accepted correctly
=== Authors Field Validation ===
Testing Valid authors array... PASSED - Input accepted correctly
Testing Empty authors array... PASSED - Input accepted correctly
Testing Non-array authors... PASSED - Invalid input properly rejected
Testing Invalid hex in authors... PASSED - Invalid input properly rejected
Testing Short pubkey in authors... PASSED - Invalid input properly rejected
=== IDs Field Validation ===
Testing Valid ids array... PASSED - Input accepted correctly
Testing Empty ids array... PASSED - Input accepted correctly
Testing Non-array ids... PASSED - Invalid input properly rejected
=== Kinds Field Validation ===
Testing Valid kinds array... PASSED - Input accepted correctly
Testing Empty kinds array... PASSED - Input accepted correctly
Testing Non-array kinds... PASSED - Invalid input properly rejected
Testing String in kinds... PASSED - Invalid input properly rejected
=== Timestamp Field Validation ===
Testing Valid since timestamp... PASSED - Input accepted correctly
Testing Valid until timestamp... PASSED - Input accepted correctly
Testing String since timestamp... PASSED - Invalid input properly rejected
Testing Negative timestamp... PASSED - Invalid input properly rejected
=== Limit Field Validation ===
Testing Valid limit... PASSED - Input accepted correctly
Testing Zero limit... PASSED - Input accepted correctly
Testing String limit... PASSED - Invalid input properly rejected
Testing Negative limit... PASSED - Invalid input properly rejected
=== Multiple Filters ===
Testing Two valid filters... PASSED - Input accepted correctly
Testing Many filters... PASSED - Input accepted correctly
=== Test Results ===
Total tests: 47
Passed: 47
Failed: 0
✓ All input validation tests passed!
The relay properly validates input.
2025-10-11 14:12:08 - \033[0;32m✓ Input Validation Tests PASSED\033[0m (Duration: 3s)
2025-10-11 14:12:08 -
2025-10-11 14:12:08 - \033[0;34m=== PERFORMANCE TEST SUITES ===\033[0m
2025-10-11 14:12:08 - ==========================================
2025-10-11 14:12:08 - Running Test Suite: Subscription Limit Tests
2025-10-11 14:12:08 - Description: Subscription limit enforcement testing
2025-10-11 14:12:08 - ==========================================
=== Subscription Limit Test ===
[INFO] Testing relay at: ws://127.0.0.1:8888
[INFO] Note: This test assumes default subscription limits (max 25 per client)
=== Test 1: Basic Connectivity ===
[INFO] Testing basic WebSocket connection...
[PASS] Basic connectivity works
=== Test 2: Subscription Limit Enforcement ===
[INFO] Testing subscription limits by creating multiple subscriptions...
[INFO] Creating multiple subscriptions within a single connection...
[INFO] Hit subscription limit at subscription 26
[PASS] Subscription limit enforcement working (limit hit after 25 subscriptions)
=== Test Complete ===
2025-10-11 14:12:09 - \033[0;32m✓ Subscription Limit Tests PASSED\033[0m (Duration: 1s)
2025-10-11 14:12:09 - ==========================================
2025-10-11 14:12:09 - Running Test Suite: Load Testing
2025-10-11 14:12:09 - Description: High concurrent connection testing
2025-10-11 14:12:09 - ==========================================
==========================================
C-Relay Load Testing Suite
==========================================
Testing against relay at ws://127.0.0.1:8888
=== Basic Connectivity Test ===
✓ Relay is accessible
==========================================
Load Test: Light Load Test
Description: Basic load test with moderate concurrent connections
Concurrent clients: 10
Messages per client: 5
==========================================
Launching 10 clients...
All clients completed. Processing results...
=== Load Test Results ===
Test duration: 1s
Total connections attempted: 10
Successful connections: 10
Failed connections: 0
Connection success rate: 100%
Messages expected: 50
Messages sent: 50
Messages received: 260
✓ EXCELLENT: High connection success rate
Checking relay responsiveness... ✓ Relay is still responsive
==========================================
Load Test: Medium Load Test
Description: Moderate load test with higher concurrency
Concurrent clients: 25
Messages per client: 10
==========================================
Launching 25 clients...
All clients completed. Processing results...
=== Load Test Results ===
Test duration: 3s
Total connections attempted: 35
Successful connections: 25
Failed connections: 0
Connection success rate: 71%
Messages expected: 250
Messages sent: 250
Messages received: 1275
✗ POOR: Low connection success rate
Checking relay responsiveness... ✓ Relay is still responsive
==========================================
Load Test: Heavy Load Test
Description: Heavy load test with high concurrency
Concurrent clients: 50
Messages per client: 20
==========================================
Launching 50 clients...
All clients completed. Processing results...
=== Load Test Results ===
Test duration: 13s
Total connections attempted: 85
Successful connections: 50
Failed connections: 0
Connection success rate: 58%
Messages expected: 1000
Messages sent: 1000
Messages received: 5050
✗ POOR: Low connection success rate
Checking relay responsiveness... ✓ Relay is still responsive
==========================================
Load Test: Stress Test
Description: Maximum load test to find breaking point
Concurrent clients: 100
Messages per client: 50
==========================================
Launching 100 clients...
All clients completed. Processing results...
=== Load Test Results ===
Test duration: 63s
Total connections attempted: 185
Successful connections: 100
Failed connections: 0
Connection success rate: 54%
Messages expected: 5000
Messages sent: 5000
Messages received: 15100
✗ POOR: Low connection success rate
Checking relay responsiveness... ✓ Relay is still responsive
==========================================
Load Testing Complete
==========================================
All load tests completed. Check individual test results above.
If any tests failed, the relay may need optimization or have resource limits.
2025-10-11 14:13:31 - \033[0;32m✓ Load Testing PASSED\033[0m (Duration: 82s)
2025-10-11 14:13:31 - ==========================================
2025-10-11 14:13:31 - Running Test Suite: Stress Testing
2025-10-11 14:13:31 - Description: Resource usage and stability testing
2025-10-11 14:13:31 - ==========================================
2025-10-11 14:13:31 - \033[0;31mERROR: Test script stress_tests.sh not found\033[0m