Enable Discovery debug logging for production troubleshooting

- Add DISCOVERY_LOG_LEVEL=debug - Add DISCOVERY_SHOW_PROGRESS=true - Temporary changes for debugging InitializerProcessor fixes on production
2025-08-11 20:13:26 +02:00
parent 59fd3dd3b1
commit 55a330b223
3683 changed files with 2956207 additions and 16948 deletions
--- a/tests/Framework/DDoS/Components/RequestAnalyzerTest.php
+++ b/tests/Framework/DDoS/Components/RequestAnalyzerTest.php
@@ -0,0 +1,314 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Framework\Cache\Compression\NullCompression;
+use App\Framework\Cache\Driver\InMemoryCache;
+use App\Framework\Cache\GeneralCache;
+use App\Framework\DateTime\SystemClock;
+use App\Framework\DDoS\Components\RequestAnalyzer;
+use App\Framework\Logging\DefaultLogger;
+use App\Framework\Logging\LogLevel;
+use App\Framework\Serializer\Json\JsonSerializer;
+
+require_once __DIR__ . '/../Helpers/TestHelpers.php';
+
+beforeEach(function () {
+    // Create cache
+    $cache = new GeneralCache(
+        adapter: new InMemoryCache(),
+        serializer: new JsonSerializer(),
+        compressionAlgorithm: new NullCompression()
+    );
+
+    // Create clock
+    $clock = new SystemClock();
+
+    // Create logger
+    $logger = new DefaultLogger(LogLevel::DEBUG);
+
+    $this->analyzer = new RequestAnalyzer($cache, $clock, $logger);
+});
+
+describe('RequestAnalyzer', function () {
+
+    it('extracts client IP correctly', function () {
+        $request = createTestRequest('192.168.1.100', 'GET', '/api/test');
+
+        $clientIp = $this->analyzer->getClientIp($request);
+
+        expect($clientIp)->toBe('192.168.1.100');
+    });
+
+    it('handles X-Forwarded-For header', function () {
+        $request = createTestRequest('10.0.0.1', 'GET', '/api/test', [
+            'X-Forwarded-For' => '203.0.113.195, 198.51.100.178, 192.168.1.100',
+        ]);
+
+        $clientIp = $this->analyzer->getClientIp($request);
+
+        expect($clientIp)->toBe('203.0.113.195'); // First IP in chain
+    });
+
+    it('handles X-Real-IP header', function () {
+        $request = createTestRequest('10.0.0.1', 'GET', '/api/test', [
+            'X-Real-IP' => '203.0.113.200',
+        ]);
+
+        $clientIp = $this->analyzer->getClientIp($request);
+
+        expect($clientIp)->toBe('203.0.113.200');
+    });
+
+    it('analyzes request signature for normal requests', function () {
+        $request = createTestRequest('192.168.1.100', 'GET', '/api/users', [
+            'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
+            'Accept' => 'application/json,text/html',
+            'Accept-Language' => 'en-US,en;q=0.9',
+        ]);
+
+        $signature = $this->analyzer->analyzeRequestSignature($request);
+
+        expect($signature)->toHaveKeys(['signature', 'bot_score', 'is_suspicious', 'confidence', 'threat_score']);
+        expect($signature['threat_score'])->toBeLessThan(0.5); // Adjusted for more aggressive detection
+        expect($signature['confidence'])->toBeGreaterThan(0.7);
+    });
+
+    it('detects suspicious user agents', function () {
+        $request = createTestRequest('192.168.1.200', 'GET', '/api/data', [
+            'User-Agent' => 'BadBot/1.0 (automated scraper; +http://badbot.com/bot.html)',
+        ]);
+
+        $signature = $this->analyzer->analyzeRequestSignature($request);
+
+        expect($signature['threat_score'])->toBeGreaterThan(0.5);
+        expect($signature['is_suspicious'])->toBeTrue();
+    });
+
+    it('detects missing common headers', function () {
+        $request = createTestRequest('192.168.1.50', 'GET', '/api/test', [
+            'User-Agent' => 'CustomBot/1.0',
+            // Missing Accept, Accept-Language, etc.
+        ]);
+
+        $signature = $this->analyzer->analyzeRequestSignature($request);
+
+        expect($signature['is_suspicious'])->toBeTrue();
+        expect($signature['threat_score'])->toBeGreaterThan(0.3);
+    });
+
+    it('detects unusual request patterns', function () {
+        $request = createTestRequest('192.168.1.51', 'POST', '/api/upload', [
+            'Content-Type' => 'application/octet-stream',
+            'Content-Length' => '50000000', // 50MB
+            'User-Agent' => 'curl/7.68.0',
+        ]);
+
+        $signature = $this->analyzer->analyzeRequestSignature($request);
+
+        expect($signature['is_suspicious'])->toBeTrue();
+        expect($signature['threat_score'])->toBeGreaterThan(0.4);
+    });
+
+    it('analyzes request frequency patterns', function () {
+        $requests = [];
+        $clientIp = '192.168.1.52';
+
+        // Simulate rapid requests
+        for ($i = 0; $i < 10; $i++) {
+            $requests[] = [
+                'timestamp' => time() - (10 - $i),
+                'ip' => $clientIp,
+                'path' => "/api/data/{$i}",
+            ];
+        }
+
+        $pattern = $this->analyzer->analyzeRequestFrequency($requests, $clientIp);
+
+        expect($pattern)->toHaveKeys(['requests_per_minute', 'pattern_regularity', 'burst_detected']);
+        expect($pattern['requests_per_minute'])->toBeGreaterThan(50);
+        expect($pattern['burst_detected'])->toBeTrue();
+    });
+
+    it('detects automated request patterns', function () {
+        $requests = [];
+        $clientIp = '192.168.1.53';
+
+        // Simulate perfectly timed requests (automation indicator)
+        for ($i = 0; $i < 5; $i++) {
+            $requests[] = [
+                'timestamp' => time() - (50 - $i * 10), // Exactly 10 seconds apart
+                'ip' => $clientIp,
+                'path' => "/api/data/{$i}",
+            ];
+        }
+
+        $analysis = $this->analyzer->detectAutomationIndicators($requests, $clientIp);
+
+        expect($analysis['automation_probability'])->toBeGreaterThan(0.7);
+        expect($analysis['indicators'])->toContain('fixed_timing_intervals');
+    });
+
+    it('analyzes payload characteristics', function () {
+        $request = createTestRequest('192.168.1.54', 'POST', '/api/search', [], [
+            'query' => "'; DROP TABLE users; SELECT * FROM sensitive_data; --",
+            'filters' => json_encode(['category' => '<script>alert("xss")</script>']),
+        ]);
+
+        $analysis = $this->analyzer->analyzePayloadCharacteristics($request);
+
+        expect($analysis)->toHaveKeys(['threat_score', 'malicious_patterns', 'payload_size']);
+        expect($analysis['threat_score'])->toBeGreaterThan(0.8);
+        expect($analysis['malicious_patterns'])->toContain('sql_injection');
+        expect($analysis['malicious_patterns'])->toContain('xss_attempt');
+    });
+
+    it('calculates request entropy', function () {
+        $normalRequest = createTestRequest('192.168.1.55', 'GET', '/api/users/123');
+        $randomRequest = createTestRequest('192.168.1.56', 'GET', '/api/x9f2k8l3m5n7q1w4e6r8t0y2u5i9o0p3');
+
+        $normalEntropy = $this->analyzer->calculateRequestEntropy($normalRequest);
+        $randomEntropy = $this->analyzer->calculateRequestEntropy($randomRequest);
+
+        expect($randomEntropy)->toBeGreaterThan($normalEntropy);
+        expect($normalEntropy)->toBeLessThan(4.0); // Typical for structured URLs - adjusted
+        expect($randomEntropy)->toBeGreaterThan(4.0); // High entropy for random data
+    });
+
+    it('detects session hijacking indicators', function () {
+        $request = createTestRequest('192.168.1.57', 'GET', '/api/profile', [
+            'User-Agent' => 'Mozilla/5.0 (Linux; Android 10)',
+            'Accept-Language' => 'zh-CN,zh;q=0.9', // Different from session creation
+        ], [], [
+            'sessionId' => 'valid_session_123',
+        ]);
+
+        // Mock session data showing different characteristics
+        $sessionData = [
+            'created_user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
+            'created_accept_language' => 'en-US,en;q=0.9',
+            'created_ip' => '192.168.1.50',
+        ];
+
+        $analysis = $this->analyzer->detectSessionHijackingIndicators($request, $sessionData);
+
+        expect($analysis['hijacking_probability'])->toBeGreaterThan(0.6);
+        expect($analysis['indicators'])->toContain('user_agent_mismatch');
+        expect($analysis['indicators'])->toContain('language_mismatch');
+        expect($analysis['indicators'])->toContain('ip_change');
+    });
+
+    it('analyzes HTTP method appropriateness', function () {
+        $getRequest = createTestRequest('192.168.1.100', 'GET', '/api/users/delete/123');
+        $postRequest = createTestRequest('192.168.1.101', 'POST', '/api/users', [], ['name' => 'John']);
+
+        $getAnalysis = $this->analyzer->analyzeHttpMethodAppropriateness($getRequest);
+        $postAnalysis = $this->analyzer->analyzeHttpMethodAppropriateness($postRequest);
+
+        expect($getAnalysis['appropriateness_score'])->toBeLessThan(0.5); // DELETE action via GET
+        expect($postAnalysis['appropriateness_score'])->toBeGreaterThanOrEqual(0.8); // Proper POST usage
+    });
+
+    it('handles malformed requests gracefully', function () {
+        // Use valid HTTP method but malformed headers and IP
+        $malformedRequest = createTestRequest('192.168.1.58', 'GET', '', [
+            'Malformed-Header' => "\x00\x01\x02 binary data",
+        ]);
+
+        $signature = $this->analyzer->analyzeRequestSignature($malformedRequest);
+
+        expect($signature)->toHaveKeys(['signature', 'bot_score', 'is_suspicious', 'confidence', 'threat_score']);
+        expect($signature['threat_score'])->toBeGreaterThan(0.3); // Adjusted for actual scoring
+        expect($signature['threat_score'])->toBeGreaterThan(0.0); // Malformed requests have some threat
+    });
+
+});
+
+describe('Request Fingerprinting', function () {
+
+    it('generates consistent fingerprints for similar requests', function () {
+        $request1 = createTestRequest('192.168.1.100', 'GET', '/api/users', [
+            'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0)',
+            'Accept' => 'application/json',
+        ]);
+
+        $request2 = createTestRequest('192.168.1.101', 'GET', '/api/users', [
+            'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0)',
+            'Accept' => 'application/json',
+        ]);
+
+        $fingerprint1 = $this->analyzer->generateRequestFingerprint($request1);
+        $fingerprint2 = $this->analyzer->generateRequestFingerprint($request2);
+
+        expect($fingerprint1)->toBe($fingerprint2);
+    });
+
+    it('generates different fingerprints for different requests', function () {
+        $request1 = createTestRequest('192.168.1.100', 'GET', '/api/users', [
+            'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0)',
+        ]);
+
+        $request2 = createTestRequest('192.168.1.100', 'GET', '/api/users', [
+            'User-Agent' => 'curl/7.68.0',
+        ]);
+
+        $fingerprint1 = $this->analyzer->generateRequestFingerprint($request1);
+        $fingerprint2 = $this->analyzer->generateRequestFingerprint($request2);
+
+        expect($fingerprint1)->not()->toBe($fingerprint2);
+    });
+
+    it('creates behavioral profiles', function () {
+        $clientIp = '192.168.1.100';
+        $requests = [
+            ['timestamp' => time() - 300, 'path' => '/api/login', 'method' => 'POST', 'ip' => $clientIp],
+            ['timestamp' => time() - 250, 'path' => '/api/dashboard', 'method' => 'GET', 'ip' => $clientIp],
+            ['timestamp' => time() - 200, 'path' => '/api/users', 'method' => 'GET', 'ip' => $clientIp],
+            ['timestamp' => time() - 150, 'path' => '/api/logout', 'method' => 'POST', 'ip' => $clientIp],
+        ];
+
+        $profile = $this->analyzer->createBehavioralProfile($requests, $clientIp);
+
+        expect($profile)->toHaveKeys([
+            'common_paths',
+            'method_distribution',
+            'access_patterns',
+            'session_duration',
+            'behavior_score',
+        ]);
+
+        expect($profile['behavior_score'])->toBeBetween(0.0, 1.0);
+    });
+
+});
+
+describe('Performance', function () {
+
+    it('completes request analysis within time limit', function () {
+        $request = createTestRequest('192.168.1.100', 'GET', '/api/test');
+
+        $start = microtime(true);
+        $signature = $this->analyzer->analyzeRequestSignature($request);
+        $duration = microtime(true) - $start;
+
+        expect($duration)->toBeLessThan(0.05); // Should complete within 50ms
+        expect($signature)->not()->toBeNull();
+    });
+
+    it('handles high request volume efficiently', function () {
+        $start = microtime(true);
+
+        // Analyze 50 requests
+        for ($i = 1; $i <= 50; $i++) {
+            $ip = '192.168.1.' . ($i % 254 + 1);
+            $request = createTestRequest($ip, 'GET', "/api/test{$i}");
+            $this->analyzer->analyzeRequestSignature($request);
+        }
+
+        $duration = microtime(true) - $start;
+        $avgPerRequest = $duration / 50;
+
+        expect($avgPerRequest)->toBeLessThan(0.01); // Average <10ms per request
+    });
+
+});