feat(net): add unit test for url checking

xxo1shine · xxo1shine · commit bfa2ffef5e74 · 2023-03-23T12:27:18.000+08:00
diff --git a/framework/src/test/java/org/tron/core/services/filter/HttpApiAccessFilterTest.java b/framework/src/test/java/org/tron/core/services/filter/HttpApiAccessFilterTest.java
@@ -4,7 +4,9 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import org.apache.http.HttpResponse;
@@ -21,10 +23,13 @@
 import org.tron.common.application.Application;
 import org.tron.common.application.ApplicationFactory;
 import org.tron.common.application.TronApplicationContext;
+import org.tron.common.parameter.CommonParameter;
 import org.tron.common.utils.FileUtil;
+import org.tron.common.utils.ReflectUtils;
 import org.tron.core.Constant;
 import org.tron.core.config.DefaultConfig;
 import org.tron.core.config.args.Args;
+import org.tron.core.net.peer.PeerConnection;
 import org.tron.core.services.http.FullNodeHttpApiService;
 import org.tron.core.services.interfaceOnPBFT.http.PBFT.HttpApiOnPBFTService;
 import org.tron.core.services.interfaceOnSolidity.http.solidity.HttpApiOnSolidityService;
@@ -37,6 +42,7 @@ public class HttpApiAccessFilterTest {
   private static Application appTest;
   private static CloseableHttpClient httpClient = HttpClients.createDefault();
   private static String dbPath = "output_http_api_access_filter_test";
+  private static HttpApiAccessFilter httpApiAccessFilter;
 
   /**
    * init dependencies.
@@ -47,7 +53,7 @@ public static void init() {
     Args.getInstance().setFullNodeAllowShieldedTransactionArgs(false);
     context = new TronApplicationContext(DefaultConfig.class);
     appTest = ApplicationFactory.create(context);
-
+    httpApiAccessFilter = context.getBean(HttpApiAccessFilter.class);
     FullNodeHttpApiService httpApiService = context
             .getBean(FullNodeHttpApiService.class);
     HttpApiOnSolidityService httpApiOnSolidityService = context
@@ -153,4 +159,31 @@ private int getReuqestCode(String url) {
 
     return 0;
   }
+
+  @Test
+  public void testIsDisabled() throws Exception {
+    List<String> list = new ArrayList<>();
+    list.add("getnowblock");
+    CommonParameter.getInstance().setDisabledApiList(list);
+    Method privateMethod = httpApiAccessFilter.getClass()
+            .getDeclaredMethod("isDisabled", String.class);
+    privateMethod.setAccessible(true);
+
+    String url = "/wallet/getnowblock";
+    boolean f = (boolean) privateMethod.invoke(httpApiAccessFilter,url);
+    Assert.assertTrue(f);
+
+    url = "/wallet/a/../b/../getnowblock";
+    f = (boolean) privateMethod.invoke(httpApiAccessFilter,url);
+    Assert.assertTrue(f);
+
+    url = "/wallet/a/b/../getnowblock";
+    f = (boolean) privateMethod.invoke(httpApiAccessFilter,url);
+    Assert.assertTrue(!f);
+
+    url = "/wallet/getblock";
+    f = (boolean) privateMethod.invoke(httpApiAccessFilter,url);
+    Assert.assertTrue(!f);
+  }
+
 }
