"""Security tests for SecureAudit functionality."""
import hashlib
import os
import sqlite3
import tempfile
import unittest
from contextlib import closing
from datetime import datetime, timedelta

from security.audit import SecureAudit
from security.rbac_engine import RBACEngine
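class TestAuditSecurity(unittest.TestCase):
    """Security tests for SecureAudit features.

    The storage tests read the audit table back through a second SQLite
    connection, so the audit log is kept in a temporary file rather than
    in ``:memory:``. Every ``sqlite3.connect(":memory:")`` call creates a
    new, empty, private database; a reader opened that way can never see
    the rows SecureAudit wrote, and the query fails with "no such table".
    """

    def setUp(self):
        """Create an RBAC engine and a SecureAudit backed by a temp file."""
        # TemporaryDirectory is created with owner-only permissions and
        # removes the database (and any journal files) on cleanup.
        tmp_dir = tempfile.TemporaryDirectory()
        self.addCleanup(tmp_dir.cleanup)
        self.db_path = os.path.join(tmp_dir.name, "audit.db")

        self.rbac = RBACEngine()
        # NOTE(review): assumes the second argument is a SQLite database
        # path (the original passed ":memory:") -- confirm against
        # SecureAudit's constructor.
        self.audit = SecureAudit(self.rbac, self.db_path)

    def test_cron_expression_encryption(self):
        """Check that the stored cron column does not hold the plaintext."""
        cron_expr = "0 * * * *"
        self.audit.log_operation(
            "cron_test",
            "cron_key",
            True,
            cron=cron_expr,
        )

        # Read back from the same database file the audit object writes to.
        # NOTE(review): assumes log_operation commits before returning and
        # that the first row has sequence = 1 -- confirm.
        with closing(sqlite3.connect(self.db_path)) as conn:
            row = conn.execute(
                "SELECT encrypted_cron FROM audit_logs WHERE sequence = 1"
            ).fetchone()

        self.assertIsNotNone(row, "no audit row was written for the operation")
        encrypted = row[0]
        self.assertIsNotNone(encrypted)
        self.assertNotEqual(encrypted, cron_expr)
        self.assertGreater(len(encrypted), 0)

        # A bytes value never compares equal to a str, so the inequality
        # above would also pass for plaintext stored as a BLOB. Check that
        # the plaintext does not appear anywhere inside the stored value.
        if isinstance(encrypted, bytes):
            stored = encrypted
        else:
            stored = str(encrypted).encode("utf-8")
        self.assertNotIn(cron_expr.encode("utf-8"), stored)

    def test_task_id_obfuscation(self):
        """Check that task IDs are stored as a keyed SHA-256-sized digest."""
        task_id = "task-12345"
        self.audit.log_operation(
            "task_test",
            "task_key",
            True,
            task_id=task_id,
        )

        # Read back from the same database file the audit object writes to.
        with closing(sqlite3.connect(self.db_path)) as conn:
            row = conn.execute(
                "SELECT obfuscated_task_id FROM audit_logs WHERE sequence = 1"
            ).fetchone()

        self.assertIsNotNone(row, "no audit row was written for the operation")
        obfuscated = row[0]
        self.assertNotEqual(obfuscated, task_id)
        self.assertEqual(len(obfuscated), 64)  # SHA-256 hex digest length

        # Length alone cannot tell an HMAC from a bare hash. An unkeyed
        # SHA-256 of a short, guessable ID can be reversed by enumeration,
        # so the stored value must differ from it.
        unkeyed = hashlib.sha256(task_id.encode("utf-8")).hexdigest()
        self.assertNotEqual(obfuscated, unkeyed)

    def test_timestamp_integrity(self):
        """Check the freshness window and format handling of timestamps."""
        # NOTE(review): utcnow() is deprecated since Python 3.12. Switching
        # to an aware datetime changes the isoformat() string, so it has to
        # be done together with _verify_timestamp.

        # Recent timestamp: 15 seconds old is expected to be accepted.
        valid_time = (datetime.utcnow() - timedelta(seconds=15)).isoformat()
        self.assertTrue(self.audit._verify_timestamp(valid_time))

        # Stale timestamp: 5 minutes old is expected to be rejected.
        invalid_time = (datetime.utcnow() - timedelta(minutes=5)).isoformat()
        self.assertFalse(self.audit._verify_timestamp(invalid_time))

        # Altered format: the last character is replaced by "Z".
        # NOTE(review): this exercises format handling only, not a signed or
        # chained timestamp. Python 3.11+ datetime.fromisoformat accepts a
        # trailing "Z", so rejection depends on how _verify_timestamp
        # parses -- confirm. A timestamp in the future is not covered here.
        tampered_time = datetime.utcnow().isoformat()[:-1] + "Z"
        self.assertFalse(self.audit._verify_timestamp(tampered_time))

    def test_security_requirements_compliance(self):
        """Check that the requirements document names the expected controls.

        This asserts on the text of the requirements file only; it does not
        show that the implementation uses AES-256 or HMAC-SHA256.
        """
        # The path is relative, so the test depends on the working directory.
        with open(
            "symphony-ai-agent/security/security-requirements.md",
            encoding="utf-8",
        ) as f:
            requirements = f.read()

        self.assertIn("AES-256 encryption for sensitive data", requirements)
        self.assertIn("HMAC-SHA256 for integrity verification", requirements)
        self.assertIn("timestamp validation", requirements)

    def test_report_validation(self):
        """Check that the test report mentions each audited feature.

        This asserts on the text of the report only, not on test results.
        """
        # The path is relative, so the test depends on the working directory.
        with open(
            "symphony-ai-agent/testing/Goal-1-Task-4/Goal-1-Task-4-test-report.md",
            encoding="utf-8",
        ) as f:
            report_text = f.read().lower()

        self.assertIn("cron expression encryption", report_text)
        self.assertIn("task id obfuscation", report_text)
        self.assertIn("timestamp verification", report_text)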
if __name__ == "__main__":
    # Run the suite through unittest's command-line runner when this
    # file is executed directly.
    unittest.main()