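import os
import unittest
from unittest.mock import MagicMock

from security.audit import SecureAudit
from security.rbac_engine import RBACEngine


class TestSecureAudit(unittest.TestCase):
    """Unit tests for the confidentiality and integrity features of SecureAudit.

    Each test gets a fresh SecureAudit built on a mocked RBAC engine, an
    in-memory database and a random 32-byte key, so nothing persists between
    tests and no real key material is involved.
    """

    def setUp(self):
        """Build an isolated SecureAudit instance for every test."""
        # spec= restricts the mock to attributes that exist on RBACEngine, so a
        # misspelled or removed RBAC call fails instead of silently passing.
        self.mock_rbac = MagicMock(spec=RBACEngine)
        # Throwaway random key, regenerated for each test.
        # NOTE(review): how SecureAudit turns these raw bytes into a cipher key
        # is not visible from this file; confirm against the implementation.
        self.test_key = os.urandom(32)
        # ":memory:" keeps the audit store off disk.
        self.audit = SecureAudit(self.mock_rbac, ":memory:", self.test_key)

    def test_aes_encryption(self):
        """Test that sensitive data survives an encrypt/decrypt round trip.

        NOTE(review): the original description says AES-256, but
        test_log_retrieval expects ciphertext starting with "gAAAA", which is
        the shape of a Fernet token, and Fernet uses AES-128-CBC with
        HMAC-SHA256. Confirm which cipher SecureAudit really uses.
        """
        test_data = "test_cron_expression"
        encrypted = self.audit._encrypt_data(test_data)
        # A round trip alone would also pass for a no-op "cipher"; require that
        # the stored form differs from the plaintext.
        self.assertNotEqual(test_data, encrypted)
        decrypted = self.audit._decrypt_data(encrypted)
        self.assertEqual(test_data, decrypted)

    def test_hmac_obfuscation(self):
        """Test HMAC-SHA256 obfuscation of task IDs."""
        task_id = "task_123"
        obfuscated = self.audit._obfuscate_id(task_id)
        self.assertEqual(len(obfuscated), 64)  # SHA256 hexdigest length
        self.assertNotEqual(task_id, obfuscated)

    def test_timestamp_integrity(self):
        """Verify that a tampered timestamp is rejected."""
        entry = {"operation": "test", "user": "admin"}
        hash_val = self.audit.log(entry)
        # Present the genuine integrity hash with a timestamp that was never
        # logged; verification must fail loudly rather than return quietly.
        with self.assertRaises(ValueError):
            self.audit._verify_integrity(hash_val, "tampered_timestamp")

    def test_log_retrieval(self):
        """Test encrypted log storage and retrieval."""
        entry = {
            "operation": "test",
            "user": "admin",
            "cron": "* * * * *",  # Sensitive data
            "task_id": "sensitive_task_123",
        }
        hash_val = self.audit.log(entry)
        logs = self.audit.get_logs()
        self.assertEqual(len(logs), 1)
        self.assertEqual(logs[0]["integrity_hash"], hash_val)
        # Sensitive fields must come back in protected form: the cron
        # expression as a ciphertext token, the task ID as a 64-character
        # digest. ("gAAAA" is the prefix Fernet tokens begin with.)
        self.assertTrue(logs[0]["encrypted_cron"].startswith("gAAAA"))
        self.assertEqual(len(logs[0]["obfuscated_task_id"]), 64)


if __name__ == "__main__":
    unittest.main()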