Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
71b9709
Add comprehensive test suite with 400 tests across 10 modules
claude Mar 25, 2026
95d79d2
Add TEST_F fixture support and 11 comprehensive test suites (790 tota…
claude Mar 25, 2026
8d48847
Add 3 adversarial stress test suites (902 total tests)
claude Mar 25, 2026
4c5618f
Add MANGOS_TEST_MODE to bypass DBC/map/DB validation for testing
claude Mar 25, 2026
3113853
Fix FPE crash in test mode and add 30 network stress tests
claude Mar 25, 2026
d62efb5
Add WoW 4.3.4 mock client and fix 5 server bugs found during testing
claude Mar 25, 2026
97318ee
Fix uint32 overflow UB in damage/XP/health calculations and 2 test fa…
claude Mar 26, 2026
d0bd70a
Merge pull request #96 from mangosthree/claude/test-server-robustness…
Krilliac Mar 26, 2026
9abf603
Add MariaDB setup and database stress test suite
claude Mar 26, 2026
5e52858
Fix 4 security exploits found via live mock-client testing
claude Mar 26, 2026
e90b606
Add build artifacts to .gitignore
claude Mar 26, 2026
0b97b9b
Fix .gitignore to exclude etc/ install directory
claude Mar 26, 2026
6eb28b4
Merge pull request #97 from mangosthree/claude/setup-mariadb-stress-t…
Krilliac Mar 26, 2026
355764c
Security hardening: fix vulnerabilities found via live exploit testing
claude Mar 26, 2026
d4cc267
Merge pull request #98 from mangosthree/claude/setup-server-security-…
Krilliac Mar 26, 2026
326cb2f
[Tests] Add Cata 4.0.1 crushing-blow spec tests
r-log May 15, 2026
668c185
[Tests] Cata crushing-blow: verified magnitudes, drop tank-stance
r-log May 15, 2026
ceb68e2
[Tests] Cata 4.3.4 armor DR: regression guard
r-log May 15, 2026
d49c129
[Tests] Cata 4.3.4 PvP resilience: damage-reduction spec
r-log May 15, 2026
4de06f9
Merge branch 'master' into claude/add-comprehensive-tests-1WQJB
billy1arm May 16, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -129,3 +129,9 @@ msbuild.cmd

# File generated during compile
/dep/libmpq/compile

# Build artifacts
_build/
_install/
/etc/
tests/build/
7 changes: 7 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ option(PLAYERBOTS "Enable Player Bots" OFF)
option(SOAP "Enable remote access via SOAP" OFF)
option(PCH "Enable precompiled headers" ON)
option(DEBUG "Enable debug build (only on non IDEs)" OFF)
option(MANGOS_TEST_MODE "Enable test mode: skip DBC/map/DB validation" OFF)
#==================================================================================
message("")
message(
Expand Down Expand Up @@ -127,4 +128,10 @@ endif()
add_subdirectory(dep)
add_subdirectory(src)

option(BUILD_TESTS "Build the test suite" OFF)
if(BUILD_TESTS)
enable_testing()
add_subdirectory(tests)
endif()

include(${CMAKE_SOURCE_DIR}/cmake/StatusInfo.cmake)
6 changes: 6 additions & 0 deletions cmake/SetDefinitions.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -188,3 +188,9 @@ unset(DEFAULT_COMPILE_OPTS)
if(MSVC)
set(CMAKE_VS_INCLUDE_INSTALL_TO_DEFAULT_BUILD ON)
endif()

# Test mode: skip DBC/map/DB validation for running without game data
if(MANGOS_TEST_MODE)
add_definitions(-DMANGOS_TEST_MODE)
message(STATUS "TEST MODE ENABLED: DBC/map/DB validation will be skipped")
endif()
119 changes: 119 additions & 0 deletions sql/security_hardening.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
-- ============================================================================
-- MaNGOS Three — Security Hardening Script
-- Run AFTER setup_mariadb.sql to apply security fixes and constraints.
-- Usage: mariadb -u root < sql/security_hardening.sql
-- ============================================================================

-- ── Restrict mangos user to only needed privileges (not ALL) ─────────────
-- Revoke ALL and grant only what the server actually needs
USE `realmd`;

-- Revoke dangerous privileges from mangos user on realmd
REVOKE ALL PRIVILEGES ON `realmd`.* FROM 'mangos'@'localhost';
REVOKE ALL PRIVILEGES ON `realmd`.* FROM 'mangos'@'127.0.0.1';

GRANT SELECT, INSERT, UPDATE, DELETE ON `realmd`.* TO 'mangos'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON `realmd`.* TO 'mangos'@'127.0.0.1';

-- Same for character3 and mangos3
REVOKE ALL PRIVILEGES ON `character3`.* FROM 'mangos'@'localhost';
REVOKE ALL PRIVILEGES ON `character3`.* FROM 'mangos'@'127.0.0.1';
REVOKE ALL PRIVILEGES ON `mangos3`.* FROM 'mangos'@'localhost';
REVOKE ALL PRIVILEGES ON `mangos3`.* FROM 'mangos'@'127.0.0.1';

GRANT SELECT, INSERT, UPDATE, DELETE ON `character3`.* TO 'mangos'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON `character3`.* TO 'mangos'@'127.0.0.1';
GRANT SELECT, INSERT, UPDATE, DELETE ON `mangos3`.* TO 'mangos'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON `mangos3`.* TO 'mangos'@'127.0.0.1';

FLUSH PRIVILEGES;

-- ── Add account lockout tracking table ───────────────────────────────────
USE `realmd`;

CREATE TABLE IF NOT EXISTS `account_login_attempts` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`account_id` INT UNSIGNED NOT NULL DEFAULT 0,
`ip` VARCHAR(45) NOT NULL DEFAULT '',
`login_time` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`success` TINYINT UNSIGNED NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `idx_account` (`account_id`),
KEY `idx_ip` (`ip`),
KEY `idx_time` (`login_time`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ── Add rate limiting metadata table ─────────────────────────────────────
CREATE TABLE IF NOT EXISTS `ip_rate_limit` (
`ip` VARCHAR(45) NOT NULL,
`attempts` INT UNSIGNED NOT NULL DEFAULT 0,
`window_start` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`blocked_until` TIMESTAMP NULL DEFAULT NULL,
PRIMARY KEY (`ip`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ── Add constraints to prevent negative/overflow money values ────────────
USE `character3`;

-- Add CHECK constraints (MariaDB 10.2.1+)
ALTER TABLE `characters` ADD CONSTRAINT `chk_money_cap`
CHECK (`money` <= 9999999999);

ALTER TABLE `characters` ADD CONSTRAINT `chk_level_range`
CHECK (`level` BETWEEN 0 AND 85);

-- ── Add audit log table for security-sensitive operations ────────────────
CREATE TABLE IF NOT EXISTS `security_audit_log` (
`id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`account_id` INT UNSIGNED NOT NULL DEFAULT 0,
`char_guid` INT UNSIGNED NOT NULL DEFAULT 0,
`action` VARCHAR(64) NOT NULL DEFAULT '',
`details` TEXT,
`ip` VARCHAR(45) NOT NULL DEFAULT '',
PRIMARY KEY (`id`),
KEY `idx_account` (`account_id`),
KEY `idx_timestamp` (`timestamp`),
KEY `idx_action` (`action`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ── Harden item_instance to prevent duplication ──────────────────────────
-- Add a unique constraint on item-owner pair to prevent the same item
-- from being duplicated across multiple owners simultaneously
ALTER TABLE `item_instance` ADD CONSTRAINT `chk_item_count`
CHECK (`count` > 0 AND `count` <= 2147483647);

-- ── Prevent gold mail exploits with mail money validation ────────────────
ALTER TABLE `mail` ADD CONSTRAINT `chk_mail_money`
CHECK (`money` <= 9999999999);

-- ── Guild name uniqueness (already unique key on name in setup, verify) ──
-- Add length constraint
ALTER TABLE `guild` ADD CONSTRAINT `chk_guild_name_len`
CHECK (LENGTH(`name`) > 0 AND LENGTH(`name`) <= 24);

-- ── Anti-exploitation: add foreign key constraints for referential integrity
-- These prevent orphaned records that could be exploited

-- character_inventory must reference valid characters
ALTER TABLE `character_inventory`
ADD CONSTRAINT `fk_inv_char` FOREIGN KEY (`guid`)
REFERENCES `characters` (`guid`) ON DELETE CASCADE;

-- character_spell must reference valid characters
ALTER TABLE `character_spell`
ADD CONSTRAINT `fk_spell_char` FOREIGN KEY (`guid`)
REFERENCES `characters` (`guid`) ON DELETE CASCADE;

-- character_aura must reference valid characters
ALTER TABLE `character_aura`
ADD CONSTRAINT `fk_aura_char` FOREIGN KEY (`guid`)
REFERENCES `characters` (`guid`) ON DELETE CASCADE;

-- character_queststatus must reference valid characters
ALTER TABLE `character_queststatus`
ADD CONSTRAINT `fk_quest_char` FOREIGN KEY (`guid`)
REFERENCES `characters` (`guid`) ON DELETE CASCADE;

-- ── Done ─────────────────────────────────────────────────────────────────
SELECT 'Security hardening applied successfully' AS status;
Loading
Loading