fix: address security review findings

This commit is contained in:
Marek Miklewicz
2026-06-30 11:41:40 +02:00
parent 3b096b67bb
commit 54b2e620ff
12 changed files with 188 additions and 31 deletions
+19
View File
@@ -0,0 +1,19 @@
<?php
declare(strict_types=1);
require_once PLUGIN_ROOT . '/exec/lib/RateLimiter.php';
test('rate limiter enforces limit across sequential requests', function (): void {
$limiter = new RateLimiter(TEST_TMP . '/rate-limit');
$limiter->assertAllowed('user-mxtest', 2, 60);
$limiter->assertAllowed('user-mxtest', 2, 60);
try {
$limiter->assertAllowed('user-mxtest', 2, 60);
throw new RuntimeException('Expected third request to be rate limited');
} catch (RuntimeException $e) {
assert_contains('rate limit', strtolower($e->getMessage()));
}
});