package audit import "testing" func TestEventNormalizeRedactsSecretsAndTruncatesEntityID(t *testing.T) { event := Event{ Action: " files.share_create ", EntityType: " file_node ", EntityID: longString("x", 300), Details: map[string]any{ "request_id": "rid-1", "password": "plain", "nested": map[string]any{ "api_key": "secret", }, "items": []any{ map[string]any{"token": "secret"}, }, }, } got := event.Normalize() if got.Action != "files.share_create" { t.Fatalf("action was not trimmed: %q", got.Action) } if got.EntityType != "file_node" { t.Fatalf("entity type was not trimmed: %q", got.EntityType) } if len([]rune(got.EntityID)) != 255 { t.Fatalf("entity id was not truncated, got %d", len([]rune(got.EntityID))) } if got.Details["password"] != "***" { t.Fatalf("password was not redacted: %#v", got.Details["password"]) } nested := got.Details["nested"].(map[string]any) if nested["api_key"] != "***" { t.Fatalf("nested api_key was not redacted: %#v", nested["api_key"]) } items := got.Details["items"].([]any) if items[0].(map[string]any)["token"] != "***" { t.Fatalf("array token was not redacted: %#v", items[0]) } } func TestEventValidate(t *testing.T) { valid := Event{Action: "tasks.task_create", EntityType: "task"} if err := valid.Validate(); err != nil { t.Fatalf("valid event rejected: %v", err) } invalidAction := Event{Action: "Task Created", EntityType: "task"} if err := invalidAction.Validate(); err == nil { t.Fatal("invalid action was accepted") } invalidEntity := Event{Action: "tasks.task_create", EntityType: "1task"} if err := invalidEntity.Validate(); err == nil { t.Fatal("invalid entity type was accepted") } } func TestValidToken(t *testing.T) { tests := map[string]bool{ "files.node_move": true, "ai.job-retry": true, "a1": true, "A1": false, "a": false, "files node": false, longString("a", MaxTokenLength+1): false, } for value, want := range tests { if got := ValidToken(value); got != want { t.Fatalf("ValidToken(%q) = %v, want %v", value, got, want) } } } func longString(ch string, n int) string { out := "" for range n { out += ch } return out }