From 0d23685b622407b54832c2aac7786ddd77253d09 Mon Sep 17 00:00:00 2001 From: Viacheslav Klimov Date: Wed, 4 Mar 2026 14:33:53 +0200 Subject: [PATCH] Fix flaky SsrfProtectionValidatorTest by moving @ResourceLock to class level Tests that read shared static state (e.g. testAllowedUrls with 8.8.8.8) could run concurrently with tests that mutate it (e.g. testAdditionalBlockedSingleIp), causing intermittent failures. Class-level @ResourceLock serializes all tests. Co-Authored-By: Claude Opus 4.6 --- .../common/util/SsrfProtectionValidatorTest.java | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/common/util/src/test/java/org/thingsboard/common/util/SsrfProtectionValidatorTest.java b/common/util/src/test/java/org/thingsboard/common/util/SsrfProtectionValidatorTest.java index ec6e51db6d..6cb2d21a9a 100644 --- a/common/util/src/test/java/org/thingsboard/common/util/SsrfProtectionValidatorTest.java +++ b/common/util/src/test/java/org/thingsboard/common/util/SsrfProtectionValidatorTest.java @@ -27,12 +27,9 @@ import java.util.List; import static org.assertj.core.api.Assertions.assertThatNoException; import static org.assertj.core.api.Assertions.assertThatThrownBy; +@ResourceLock("SsrfProtectionValidatorTest") // some tests mutate static additional-blocked-hosts public class SsrfProtectionValidatorTest { - // JUnit 5 @ResourceLock ensures that tests modifying SsrfProtectionValidator's static - // additional blocked hosts never run concurrently with each other (parallel execution is enabled). - private static final String SYNC_LOCK = "SsrfProtectionValidatorTest"; - @ParameterizedTest @ValueSource(strings = { "http://example.com", @@ -207,7 +204,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedSingleIp() { try { SsrfProtectionValidator.setAdditionalBlockedHosts(List.of("8.8.8.8")); @@ -222,7 +218,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedCidrSlash10() { try { // Use 44.0.0.0/10 (not blocked by default) to verify CIDR /10 matching @@ -243,7 +238,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedCidrSlash24() { try { SsrfProtectionValidator.setAdditionalBlockedHosts(List.of("198.51.100.0/24")); @@ -261,7 +255,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedHostnameViaValidateUri() { try { SsrfProtectionValidator.setAdditionalBlockedHosts(List.of("evil.corp")); @@ -275,7 +268,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedHostnameCaseInsensitive() { try { SsrfProtectionValidator.setAdditionalBlockedHosts(List.of("My-Service.Corp")); @@ -289,7 +281,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testSetAdditionalBlockedHostsEmptyAndNull() { // Should not throw SsrfProtectionValidator.setAdditionalBlockedHosts(Collections.emptyList()); @@ -307,7 +298,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedCidrViaValidateUri() { // 203.0.113.0/24 (TEST-NET-3) is not blocked by default URI uri = URI.create("http://203.0.113.1"); @@ -323,7 +313,6 @@ public class SsrfProtectionValidatorTest { } @Test - @ResourceLock(SYNC_LOCK) void testAdditionalBlockedMixedConfig() { try { SsrfProtectionValidator.setAdditionalBlockedHosts(List.of("203.0.113.0/24", "evil.corp", "8.8.8.8"));