#!/usr/bin/env python3 """ Test de la configuration de sécurité Valide que la configuration de sécurité fonctionne correctement. """ import os import sys import tempfile from pathlib import Path # Add current directory to path for imports sys.path.insert(0, str(Path(__file__).parent)) from core.security import ( get_security_config, validate_production_security, is_production_environment, check_security_requirements, generate_secure_key, ProductionSecurityError ) def test_development_environment(): """Test en environnement de développement.""" print("🧪 Testing Development Environment...") # S'assurer qu'on est en développement os.environ.pop("ENVIRONMENT", None) config = get_security_config() assert config.environment == "development" assert not is_production_environment() # En développement, la validation doit passer même avec des clés faibles try: validate_production_security(config) print(" ✓ Development validation passed (as expected)") except ProductionSecurityError: print(" ❌ Development validation should not fail") raise print("✅ Development environment test passed!") def test_production_security_validation(): """Test de la validation de sécurité en production.""" print("🧪 Testing Production Security Validation...") # Simuler l'environnement de production os.environ["ENVIRONMENT"] = "production" # Test 1: Configuration insécurisée (doit échouer) print(" Testing insecure configuration...") os.environ["ENCRYPTION_PASSWORD"] = "rpa_vision_v3_default_key" # Clé par défaut os.environ["SECRET_KEY"] = "dev-key-change-in-production" # Clé par défaut config = get_security_config() assert is_production_environment() try: validate_production_security(config) print(" ❌ Insecure configuration should have failed validation") assert False, "Should have raised ProductionSecurityError" except ProductionSecurityError as e: print(f" ✓ Insecure configuration correctly rejected: {str(e)[:100]}...") # Test 2: Configuration sécurisée (doit passer) print(" Testing secure configuration...") secure_encryption_key = generate_secure_key(32) secure_secret_key = generate_secure_key(32) os.environ["ENCRYPTION_PASSWORD"] = secure_encryption_key os.environ["SECRET_KEY"] = secure_secret_key os.environ["LOG_SENSITIVE_DATA"] = "false" os.environ["STRICT_INPUT_VALIDATION"] = "true" config = get_security_config() try: validate_production_security(config) print(" ✓ Secure configuration passed validation") except ProductionSecurityError as e: print(f" ❌ Secure configuration should have passed: {e}") raise print("✅ Production security validation test passed!") def test_security_requirements_check(): """Test de la vérification des exigences de sécurité.""" print("🧪 Testing Security Requirements Check...") # Test en développement os.environ["ENVIRONMENT"] = "development" requirements = check_security_requirements() print(f" Development requirements: {requirements}") assert not requirements["production_environment"] # Test en production avec configuration sécurisée os.environ["ENVIRONMENT"] = "production" secure_key = generate_secure_key(32) os.environ["ENCRYPTION_PASSWORD"] = secure_key os.environ["SECRET_KEY"] = secure_key requirements = check_security_requirements() print(f" Production requirements: {requirements}") assert requirements["production_environment"] assert requirements["encryption_password_set"] assert requirements["encryption_password_secure"] assert requirements["secret_key_set"] assert requirements["secret_key_secure"] print("✅ Security requirements check test passed!") def test_key_generation(): """Test de la génération de clés sécurisées.""" print("🧪 Testing Secure Key Generation...") # Générer plusieurs clés keys = [generate_secure_key(32) for _ in range(5)] # Vérifier qu'elles sont toutes différentes assert len(set(keys)) == 5, "Generated keys should be unique" # Vérifier la longueur for key in keys: assert len(key) >= 32, f"Key too short: {len(key)}" print(f" ✓ Generated {len(keys)} unique secure keys") print("✅ Key generation test passed!") def test_file_permissions(): """Test de la validation des permissions de fichiers.""" print("🧪 Testing File Permissions Validation...") os.environ["ENVIRONMENT"] = "production" # Créer un fichier temporaire avec des permissions trop permissives with tempfile.NamedTemporaryFile(mode='w', delete=False) as f: f.write("test-key-content") temp_file = f.name try: # Définir des permissions trop permissives os.chmod(temp_file, 0o666) os.environ["ENCRYPTION_KEY_FILE"] = temp_file os.environ["ENCRYPTION_PASSWORD"] = generate_secure_key(32) os.environ["SECRET_KEY"] = generate_secure_key(32) config = get_security_config() # La validation devrait émettre un warning mais pas échouer try: validate_production_security(config) print(" ✓ File permissions warning handled correctly") except ProductionSecurityError: print(" ❌ File permissions should generate warning, not error") raise finally: # Nettoyer os.unlink(temp_file) os.environ.pop("ENCRYPTION_KEY_FILE", None) print("✅ File permissions test passed!") def cleanup_environment(): """Nettoie les variables d'environnement de test.""" test_vars = [ "ENVIRONMENT", "ENCRYPTION_PASSWORD", "SECRET_KEY", "LOG_SENSITIVE_DATA", "STRICT_INPUT_VALIDATION", "ENCRYPTION_KEY_FILE" ] for var in test_vars: os.environ.pop(var, None) def main(): """Fonction principale de test.""" print("🎯 RPA Vision V3 - Security Configuration Test") print("=" * 60) try: # Test 1: Environnement de développement test_development_environment() print() # Test 2: Validation de sécurité en production test_production_security_validation() print() # Test 3: Vérification des exigences test_security_requirements_check() print() # Test 4: Génération de clés test_key_generation() print() # Test 5: Permissions de fichiers test_file_permissions() print() print("🎉 All security tests passed!") return 0 except Exception as e: print(f"❌ Test failed: {e}") import traceback traceback.print_exc() return 1 finally: cleanup_environment() if __name__ == "__main__": sys.exit(main())