86 lines
2.3 KiB
Go
86 lines
2.3 KiB
Go
package audit
|
|
|
|
import "testing"
|
|
|
|
func TestEventNormalizeRedactsSecretsAndTruncatesEntityID(t *testing.T) {
|
|
event := Event{
|
|
Action: " files.share_create ",
|
|
EntityType: " file_node ",
|
|
EntityID: longString("x", 300),
|
|
Details: map[string]any{
|
|
"request_id": "rid-1",
|
|
"password": "plain",
|
|
"nested": map[string]any{
|
|
"api_key": "secret",
|
|
},
|
|
"items": []any{
|
|
map[string]any{"token": "secret"},
|
|
},
|
|
},
|
|
}
|
|
|
|
got := event.Normalize()
|
|
if got.Action != "files.share_create" {
|
|
t.Fatalf("action was not trimmed: %q", got.Action)
|
|
}
|
|
if got.EntityType != "file_node" {
|
|
t.Fatalf("entity type was not trimmed: %q", got.EntityType)
|
|
}
|
|
if len([]rune(got.EntityID)) != 255 {
|
|
t.Fatalf("entity id was not truncated, got %d", len([]rune(got.EntityID)))
|
|
}
|
|
if got.Details["password"] != "***" {
|
|
t.Fatalf("password was not redacted: %#v", got.Details["password"])
|
|
}
|
|
nested := got.Details["nested"].(map[string]any)
|
|
if nested["api_key"] != "***" {
|
|
t.Fatalf("nested api_key was not redacted: %#v", nested["api_key"])
|
|
}
|
|
items := got.Details["items"].([]any)
|
|
if items[0].(map[string]any)["token"] != "***" {
|
|
t.Fatalf("array token was not redacted: %#v", items[0])
|
|
}
|
|
}
|
|
|
|
func TestEventValidate(t *testing.T) {
|
|
valid := Event{Action: "tasks.task_create", EntityType: "task"}
|
|
if err := valid.Validate(); err != nil {
|
|
t.Fatalf("valid event rejected: %v", err)
|
|
}
|
|
|
|
invalidAction := Event{Action: "Task Created", EntityType: "task"}
|
|
if err := invalidAction.Validate(); err == nil {
|
|
t.Fatal("invalid action was accepted")
|
|
}
|
|
|
|
invalidEntity := Event{Action: "tasks.task_create", EntityType: "1task"}
|
|
if err := invalidEntity.Validate(); err == nil {
|
|
t.Fatal("invalid entity type was accepted")
|
|
}
|
|
}
|
|
|
|
func TestValidToken(t *testing.T) {
|
|
tests := map[string]bool{
|
|
"files.node_move": true,
|
|
"ai.job-retry": true,
|
|
"a1": true,
|
|
"A1": false,
|
|
"a": false,
|
|
"files node": false,
|
|
longString("a", MaxTokenLength+1): false,
|
|
}
|
|
for value, want := range tests {
|
|
if got := ValidToken(value); got != want {
|
|
t.Fatalf("ValidToken(%q) = %v, want %v", value, got, want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func longString(ch string, n int) string {
|
|
out := ""
|
|
for range n {
|
|
out += ch
|
|
}
|
|
return out
|
|
}
|