Alan-Jowett / sonde / 23461945560
82%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 74
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.741% (+0.02%) from 85.723%
23461945560

push

github

web-flow 
test(node): close 6 security and pairing validation gaps (T-N925, T-N927, T-N929, T-N934, T-N940, T-N941) (#418)

* test(node): close 6 security and pairing validation gaps (T-N925, T-N927, T-N929, T-N934, T-N940, T-N941)

Add 7 tests covering the 6 validation gaps identified in issue #350:

Security-critical (HIGH):
- T-N941: PEER_ACK with corrupted HMAC silently discarded (ND-0912)
- T-N940: NODE_PROVISION with invalid \payload_len\ rejected (ND-0905),
  with a variant for max u16 \payload_len\
- T-N927: RNG health-check failure aborts wake cycle (ND-0304 AC3).
  Adds \Rng::check_health()\ trait method with default \	rue\, health
  check at \un_wake_cycle\ entry, and \WakeCycleOutcome::RngHealthCheckFailed\
- T-N925: APP_DATA_REPLY with mismatched nonce discarded (ND-0302)

Pairing flow:
- T-N929: Write to read-only \sonde_context\ rejected (ND-0505 AC5/AC6).
  Uses the real \SondeBpfInterpreter\ to verify writes are rejected and
  the original context is unchanged (defence-in-depth via local copy).
- T-N934: Stack overflow beyond total stack boundary terminates BPF
  program (ND-0605 AC4)

Closes #350

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: handle RngHealthCheckFailed in ESP entry point, tighten test assertions

Address review feedback:
- Add \RngHealthCheckFailed\ arm to the match in \src/bin/node.rs\
  (reboots on degraded RNG — safer than transmitting predictable nonces).
- Assert specific error variants in T-N929 (\RuntimeError\) and T-N934
  (\RuntimeError | InvalidBytecode\) instead of generic \is_err()\.
- Run \cargo fmt\ to fix formatting.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback — move RNG check after identity load, use defensive indexing

- Move RNG health check after identity load so unpaired nodes still
  return Unpaired (sleep indefinitely) instead of reboot-looping
- Use `body[37..37 + actual_payload.len()]` instead of hard-coded 41
- U... (continued)

55 of 59 new or added lines in 3 files covered. (93.22%)

20782 of 24238 relevant lines covered (85.74%)

168.92 hits per line

Uncovered Changes

Lines Coverage File
4
94.43
 -1.08% crates/sonde-node/src/sonde_bpf_adapter.rs
Jobs
ID Job ID Ran Files Coverage
1 23461945560.1 74
85.74
 GitHub Action Run
Source Files on build 23461945560