v1.0 - Version stable: multi-PC, détection UI-DETR-1, 3 modes exécution

- Frontend v4 accessible sur réseau local (192.168.1.40) - Ports ouverts: 3002 (frontend), 5001 (backend), 5004 (dashboard) - Ollama GPU fonctionnel - Self-healing interactif - Dashboard confiance Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 11:23:51 +01:00
parent 21bfa3b337
commit a27b74cf22
1595 changed files with 412691 additions and 400 deletions
--- a/test_security_config.py
+++ b/test_security_config.py
@@ -0,0 +1,223 @@
+#!/usr/bin/env python3
+"""
+Test de la configuration de sécurité
+
+Valide que la configuration de sécurité fonctionne correctement.
+"""
+
+import os
+import sys
+import tempfile
+from pathlib import Path
+
+# Add current directory to path for imports
+sys.path.insert(0, str(Path(__file__).parent))
+
+from core.security import (
+    get_security_config,
+    validate_production_security,
+    is_production_environment,
+    check_security_requirements,
+    generate_secure_key,
+    ProductionSecurityError
+)
+
+def test_development_environment():
+    """Test en environnement de développement."""
+    print("🧪 Testing Development Environment...")
+    
+    # S'assurer qu'on est en développement
+    os.environ.pop("ENVIRONMENT", None)
+    
+    config = get_security_config()
+    assert config.environment == "development"
+    assert not is_production_environment()
+    
+    # En développement, la validation doit passer même avec des clés faibles
+    try:
+        validate_production_security(config)
+        print("   ✓ Development validation passed (as expected)")
+    except ProductionSecurityError:
+        print("   ❌ Development validation should not fail")
+        raise
+    
+    print("✅ Development environment test passed!")
+
+def test_production_security_validation():
+    """Test de la validation de sécurité en production."""
+    print("🧪 Testing Production Security Validation...")
+    
+    # Simuler l'environnement de production
+    os.environ["ENVIRONMENT"] = "production"
+    
+    # Test 1: Configuration insécurisée (doit échouer)
+    print("   Testing insecure configuration...")
+    os.environ["ENCRYPTION_PASSWORD"] = "rpa_vision_v3_default_key"  # Clé par défaut
+    os.environ["SECRET_KEY"] = "dev-key-change-in-production"  # Clé par défaut
+    
+    config = get_security_config()
+    assert is_production_environment()
+    
+    try:
+        validate_production_security(config)
+        print("   ❌ Insecure configuration should have failed validation")
+        assert False, "Should have raised ProductionSecurityError"
+    except ProductionSecurityError as e:
+        print(f"   ✓ Insecure configuration correctly rejected: {str(e)[:100]}...")
+    
+    # Test 2: Configuration sécurisée (doit passer)
+    print("   Testing secure configuration...")
+    secure_encryption_key = generate_secure_key(32)
+    secure_secret_key = generate_secure_key(32)
+    
+    os.environ["ENCRYPTION_PASSWORD"] = secure_encryption_key
+    os.environ["SECRET_KEY"] = secure_secret_key
+    os.environ["LOG_SENSITIVE_DATA"] = "false"
+    os.environ["STRICT_INPUT_VALIDATION"] = "true"
+    
+    config = get_security_config()
+    
+    try:
+        validate_production_security(config)
+        print("   ✓ Secure configuration passed validation")
+    except ProductionSecurityError as e:
+        print(f"   ❌ Secure configuration should have passed: {e}")
+        raise
+    
+    print("✅ Production security validation test passed!")
+
+def test_security_requirements_check():
+    """Test de la vérification des exigences de sécurité."""
+    print("🧪 Testing Security Requirements Check...")
+    
+    # Test en développement
+    os.environ["ENVIRONMENT"] = "development"
+    requirements = check_security_requirements()
+    
+    print(f"   Development requirements: {requirements}")
+    assert not requirements["production_environment"]
+    
+    # Test en production avec configuration sécurisée
+    os.environ["ENVIRONMENT"] = "production"
+    secure_key = generate_secure_key(32)
+    os.environ["ENCRYPTION_PASSWORD"] = secure_key
+    os.environ["SECRET_KEY"] = secure_key
+    
+    requirements = check_security_requirements()
+    print(f"   Production requirements: {requirements}")
+    
+    assert requirements["production_environment"]
+    assert requirements["encryption_password_set"]
+    assert requirements["encryption_password_secure"]
+    assert requirements["secret_key_set"]
+    assert requirements["secret_key_secure"]
+    
+    print("✅ Security requirements check test passed!")
+
+def test_key_generation():
+    """Test de la génération de clés sécurisées."""
+    print("🧪 Testing Secure Key Generation...")
+    
+    # Générer plusieurs clés
+    keys = [generate_secure_key(32) for _ in range(5)]
+    
+    # Vérifier qu'elles sont toutes différentes
+    assert len(set(keys)) == 5, "Generated keys should be unique"
+    
+    # Vérifier la longueur
+    for key in keys:
+        assert len(key) >= 32, f"Key too short: {len(key)}"
+    
+    print(f"   ✓ Generated {len(keys)} unique secure keys")
+    print("✅ Key generation test passed!")
+
+def test_file_permissions():
+    """Test de la validation des permissions de fichiers."""
+    print("🧪 Testing File Permissions Validation...")
+    
+    os.environ["ENVIRONMENT"] = "production"
+    
+    # Créer un fichier temporaire avec des permissions trop permissives
+    with tempfile.NamedTemporaryFile(mode='w', delete=False) as f:
+        f.write("test-key-content")
+        temp_file = f.name
+    
+    try:
+        # Définir des permissions trop permissives
+        os.chmod(temp_file, 0o666)
+        
+        os.environ["ENCRYPTION_KEY_FILE"] = temp_file
+        os.environ["ENCRYPTION_PASSWORD"] = generate_secure_key(32)
+        os.environ["SECRET_KEY"] = generate_secure_key(32)
+        
+        config = get_security_config()
+        
+        # La validation devrait émettre un warning mais pas échouer
+        try:
+            validate_production_security(config)
+            print("   ✓ File permissions warning handled correctly")
+        except ProductionSecurityError:
+            print("   ❌ File permissions should generate warning, not error")
+            raise
+        
+    finally:
+        # Nettoyer
+        os.unlink(temp_file)
+        os.environ.pop("ENCRYPTION_KEY_FILE", None)
+    
+    print("✅ File permissions test passed!")
+
+def cleanup_environment():
+    """Nettoie les variables d'environnement de test."""
+    test_vars = [
+        "ENVIRONMENT",
+        "ENCRYPTION_PASSWORD", 
+        "SECRET_KEY",
+        "LOG_SENSITIVE_DATA",
+        "STRICT_INPUT_VALIDATION",
+        "ENCRYPTION_KEY_FILE"
+    ]
+    
+    for var in test_vars:
+        os.environ.pop(var, None)
+
+def main():
+    """Fonction principale de test."""
+    print("🎯 RPA Vision V3 - Security Configuration Test")
+    print("=" * 60)
+    
+    try:
+        # Test 1: Environnement de développement
+        test_development_environment()
+        print()
+        
+        # Test 2: Validation de sécurité en production
+        test_production_security_validation()
+        print()
+        
+        # Test 3: Vérification des exigences
+        test_security_requirements_check()
+        print()
+        
+        # Test 4: Génération de clés
+        test_key_generation()
+        print()
+        
+        # Test 5: Permissions de fichiers
+        test_file_permissions()
+        print()
+        
+        print("🎉 All security tests passed!")
+        return 0
+        
+    except Exception as e:
+        print(f"❌ Test failed: {e}")
+        import traceback
+        traceback.print_exc()
+        return 1
+    
+    finally:
+        cleanup_environment()
+
+if __name__ == "__main__":
+    sys.exit(main())