`inspect_message` seems not work on the `ic-test-state-machine`

I have this in my rust canister:

fn inspect_message() {
    let inspected_maethod_name = ic_cdk::api::call::method_name();
    if inspected_maethod_name == "create_user" {

but i still can call the create_user function in the test suit using ic-test-state-machine’s call_candid method.

Not an expert here, but inspect_message only handles ingress messages. ic-test-state-machine operates on another level.

To test the inspect_message handler you’d need to run e2e tests, i.e. running your canister on the (local) replica and calling create_user from a client.

1 Like

Any open source project used the inspect message feature? I want to get a example to learn how to use it.

Here’s one: examples/rust/nft-wallet/src/lib.rs at 71156ae52e4911a8ce7cf4ed957741a7131c9454 · dfinity/examples · GitHub

As far as I remember this only runs for calls that come through the http gateway. Other canisters that call your canister directly (inter canister call) will not go through inspect_message if I remember correctly.

So make sure that it’s not used as the sole security layer, still make sure that the methods themselves also verify access.