ai-agent/tests/security/test_audit.py


import unittest
from unittest.mock import MagicMock
from security.audit import SecureAudit
from security.rbac_engine import RBACEngine
import os
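class TestSecureAudit(unittest.TestCase):
    """Unit tests for SecureAudit's encryption, ID obfuscation and integrity helpers.

    Each test runs against a fresh SecureAudit built from a mocked
    RBACEngine, an in-memory database and a random per-test key, so no key
    material or audit data is shared between tests or written to disk.
    """

    def setUp(self):
        """Build an isolated SecureAudit instance for each test."""
        # spec=RBACEngine makes the mock raise AttributeError for attributes
        # the real engine does not have, so interface drift is not masked.
        self.mock_rbac = MagicMock(spec=RBACEngine)
        # Random 32-byte key generated per test; nothing is hard-coded.
        self.test_key = os.urandom(32)
        # Initialize SecureAudit with an in-memory DB.
        self.audit = SecureAudit(self.mock_rbac, ":memory:", self.test_key)

    def test_aes_encryption(self):
        """Round-trip a value through _encrypt_data and _decrypt_data.

        NOTE(review): this test was described as covering AES-256, while
        test_log_retrieval expects stored ciphertext to start with "gAAAA",
        the prefix of a Fernet token. Fernet uses AES-128-CBC with
        HMAC-SHA256, so confirm which cipher SecureAudit actually uses.
        """
        test_data = "test_cron_expression"
        encrypted = self.audit._encrypt_data(test_data)
        # A pass-through implementation would satisfy the round-trip check on
        # its own, so also require the encrypted form to differ from the input.
        self.assertNotEqual(test_data, encrypted)
        decrypted = self.audit._decrypt_data(encrypted)
        self.assertEqual(test_data, decrypted)

    def test_hmac_obfuscation(self):
        """Check that _obfuscate_id returns a 64-character hex digest, not the raw ID."""
        task_id = "task_123"
        obfuscated = self.audit._obfuscate_id(task_id)
        self.assertEqual(len(obfuscated), 64)  # SHA256 hexdigest length
        # Length alone would accept any 64-character string; require hex digits.
        self.assertRegex(obfuscated, r"^[0-9a-fA-F]{64}$")
        self.assertNotEqual(task_id, obfuscated)
        # NOTE(review): an unkeyed SHA-256 would pass these checks too. Whether
        # the digest depends on the audit key is not verified here.

    def test_timestamp_integrity(self):
        """Check that _verify_integrity rejects a timestamp that was not logged."""
        entry = {"operation": "test", "user": "admin"}
        hash_val = self.audit.log(entry)
        # Present the returned hash with a bogus timestamp; tampering must
        # surface as ValueError rather than being accepted silently.
        with self.assertRaises(ValueError):
            self.audit._verify_integrity(hash_val, "tampered_timestamp")
        # NOTE(review): only the rejection path is exercised. Acceptance of an
        # untampered hash/timestamp pair is not covered by this test.

    def test_log_retrieval(self):
        """Log one entry and check the retrieved record's protected fields."""
        entry = {
            "operation": "test",
            "user": "admin",
            "cron": "* * * * *",  # Sensitive data
            "task_id": "sensitive_task_123",
        }
        hash_val = self.audit.log(entry)
        logs = self.audit.get_logs()
        self.assertEqual(len(logs), 1)
        self.assertEqual(logs[0]["integrity_hash"], hash_val)
        # "gAAAA" is the leading text of a Fernet token, so this asserts the
        # cron expression is stored as a token rather than as plaintext.
        self.assertTrue(logs[0]["encrypted_cron"].startswith("gAAAA"))
        # 64 characters matches a SHA-256 hex digest for the obfuscated task ID.
        self.assertEqual(len(logs[0]["obfuscated_task_id"]), 64)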
if __name__ == "__main__":
    # Run the suite when the file is executed directly instead of via a test runner.
    unittest.main()