feat: add business audit client
This commit is contained in:
85
audit/audit_test.go
Normal file
85
audit/audit_test.go
Normal file
@@ -0,0 +1,85 @@
|
||||
package audit
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestEventNormalizeRedactsSecretsAndTruncatesEntityID(t *testing.T) {
|
||||
event := Event{
|
||||
Action: " files.share_create ",
|
||||
EntityType: " file_node ",
|
||||
EntityID: longString("x", 300),
|
||||
Details: map[string]any{
|
||||
"request_id": "rid-1",
|
||||
"password": "plain",
|
||||
"nested": map[string]any{
|
||||
"api_key": "secret",
|
||||
},
|
||||
"items": []any{
|
||||
map[string]any{"token": "secret"},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
got := event.Normalize()
|
||||
if got.Action != "files.share_create" {
|
||||
t.Fatalf("action was not trimmed: %q", got.Action)
|
||||
}
|
||||
if got.EntityType != "file_node" {
|
||||
t.Fatalf("entity type was not trimmed: %q", got.EntityType)
|
||||
}
|
||||
if len([]rune(got.EntityID)) != 255 {
|
||||
t.Fatalf("entity id was not truncated, got %d", len([]rune(got.EntityID)))
|
||||
}
|
||||
if got.Details["password"] != "***" {
|
||||
t.Fatalf("password was not redacted: %#v", got.Details["password"])
|
||||
}
|
||||
nested := got.Details["nested"].(map[string]any)
|
||||
if nested["api_key"] != "***" {
|
||||
t.Fatalf("nested api_key was not redacted: %#v", nested["api_key"])
|
||||
}
|
||||
items := got.Details["items"].([]any)
|
||||
if items[0].(map[string]any)["token"] != "***" {
|
||||
t.Fatalf("array token was not redacted: %#v", items[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestEventValidate(t *testing.T) {
|
||||
valid := Event{Action: "tasks.task_create", EntityType: "task"}
|
||||
if err := valid.Validate(); err != nil {
|
||||
t.Fatalf("valid event rejected: %v", err)
|
||||
}
|
||||
|
||||
invalidAction := Event{Action: "Task Created", EntityType: "task"}
|
||||
if err := invalidAction.Validate(); err == nil {
|
||||
t.Fatal("invalid action was accepted")
|
||||
}
|
||||
|
||||
invalidEntity := Event{Action: "tasks.task_create", EntityType: "1task"}
|
||||
if err := invalidEntity.Validate(); err == nil {
|
||||
t.Fatal("invalid entity type was accepted")
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidToken(t *testing.T) {
|
||||
tests := map[string]bool{
|
||||
"files.node_move": true,
|
||||
"ai.job-retry": true,
|
||||
"a1": true,
|
||||
"A1": false,
|
||||
"a": false,
|
||||
"files node": false,
|
||||
longString("a", MaxTokenLength+1): false,
|
||||
}
|
||||
for value, want := range tests {
|
||||
if got := ValidToken(value); got != want {
|
||||
t.Fatalf("ValidToken(%q) = %v, want %v", value, got, want)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func longString(ch string, n int) string {
|
||||
out := ""
|
||||
for range n {
|
||||
out += ch
|
||||
}
|
||||
return out
|
||||
}
|
||||
Reference in New Issue
Block a user