a27b74cf22
- Frontend v4 accessible sur réseau local (192.168.1.40) - Ports ouverts: 3002 (frontend), 5001 (backend), 5004 (dashboard) - Ollama GPU fonctionnel - Self-healing interactif - Dashboard confiance Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
223 lines
7.1 KiB
Python
223 lines
7.1 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Test de la configuration de sécurité
|
|
|
|
Valide que la configuration de sécurité fonctionne correctement.
|
|
"""
|
|
|
|
import os
|
|
import sys
|
|
import tempfile
|
|
from pathlib import Path
|
|
|
|
# Add current directory to path for imports
|
|
sys.path.insert(0, str(Path(__file__).parent))
|
|
|
|
from core.security import (
|
|
get_security_config,
|
|
validate_production_security,
|
|
is_production_environment,
|
|
check_security_requirements,
|
|
generate_secure_key,
|
|
ProductionSecurityError
|
|
)
|
|
|
|
def test_development_environment():
|
|
"""Test en environnement de développement."""
|
|
print("🧪 Testing Development Environment...")
|
|
|
|
# S'assurer qu'on est en développement
|
|
os.environ.pop("ENVIRONMENT", None)
|
|
|
|
config = get_security_config()
|
|
assert config.environment == "development"
|
|
assert not is_production_environment()
|
|
|
|
# En développement, la validation doit passer même avec des clés faibles
|
|
try:
|
|
validate_production_security(config)
|
|
print(" ✓ Development validation passed (as expected)")
|
|
except ProductionSecurityError:
|
|
print(" ❌ Development validation should not fail")
|
|
raise
|
|
|
|
print("✅ Development environment test passed!")
|
|
|
|
def test_production_security_validation():
|
|
"""Test de la validation de sécurité en production."""
|
|
print("🧪 Testing Production Security Validation...")
|
|
|
|
# Simuler l'environnement de production
|
|
os.environ["ENVIRONMENT"] = "production"
|
|
|
|
# Test 1: Configuration insécurisée (doit échouer)
|
|
print(" Testing insecure configuration...")
|
|
os.environ["ENCRYPTION_PASSWORD"] = "rpa_vision_v3_default_key" # Clé par défaut
|
|
os.environ["SECRET_KEY"] = "dev-key-change-in-production" # Clé par défaut
|
|
|
|
config = get_security_config()
|
|
assert is_production_environment()
|
|
|
|
try:
|
|
validate_production_security(config)
|
|
print(" ❌ Insecure configuration should have failed validation")
|
|
assert False, "Should have raised ProductionSecurityError"
|
|
except ProductionSecurityError as e:
|
|
print(f" ✓ Insecure configuration correctly rejected: {str(e)[:100]}...")
|
|
|
|
# Test 2: Configuration sécurisée (doit passer)
|
|
print(" Testing secure configuration...")
|
|
secure_encryption_key = generate_secure_key(32)
|
|
secure_secret_key = generate_secure_key(32)
|
|
|
|
os.environ["ENCRYPTION_PASSWORD"] = secure_encryption_key
|
|
os.environ["SECRET_KEY"] = secure_secret_key
|
|
os.environ["LOG_SENSITIVE_DATA"] = "false"
|
|
os.environ["STRICT_INPUT_VALIDATION"] = "true"
|
|
|
|
config = get_security_config()
|
|
|
|
try:
|
|
validate_production_security(config)
|
|
print(" ✓ Secure configuration passed validation")
|
|
except ProductionSecurityError as e:
|
|
print(f" ❌ Secure configuration should have passed: {e}")
|
|
raise
|
|
|
|
print("✅ Production security validation test passed!")
|
|
|
|
def test_security_requirements_check():
|
|
"""Test de la vérification des exigences de sécurité."""
|
|
print("🧪 Testing Security Requirements Check...")
|
|
|
|
# Test en développement
|
|
os.environ["ENVIRONMENT"] = "development"
|
|
requirements = check_security_requirements()
|
|
|
|
print(f" Development requirements: {requirements}")
|
|
assert not requirements["production_environment"]
|
|
|
|
# Test en production avec configuration sécurisée
|
|
os.environ["ENVIRONMENT"] = "production"
|
|
secure_key = generate_secure_key(32)
|
|
os.environ["ENCRYPTION_PASSWORD"] = secure_key
|
|
os.environ["SECRET_KEY"] = secure_key
|
|
|
|
requirements = check_security_requirements()
|
|
print(f" Production requirements: {requirements}")
|
|
|
|
assert requirements["production_environment"]
|
|
assert requirements["encryption_password_set"]
|
|
assert requirements["encryption_password_secure"]
|
|
assert requirements["secret_key_set"]
|
|
assert requirements["secret_key_secure"]
|
|
|
|
print("✅ Security requirements check test passed!")
|
|
|
|
def test_key_generation():
|
|
"""Test de la génération de clés sécurisées."""
|
|
print("🧪 Testing Secure Key Generation...")
|
|
|
|
# Générer plusieurs clés
|
|
keys = [generate_secure_key(32) for _ in range(5)]
|
|
|
|
# Vérifier qu'elles sont toutes différentes
|
|
assert len(set(keys)) == 5, "Generated keys should be unique"
|
|
|
|
# Vérifier la longueur
|
|
for key in keys:
|
|
assert len(key) >= 32, f"Key too short: {len(key)}"
|
|
|
|
print(f" ✓ Generated {len(keys)} unique secure keys")
|
|
print("✅ Key generation test passed!")
|
|
|
|
def test_file_permissions():
|
|
"""Test de la validation des permissions de fichiers."""
|
|
print("🧪 Testing File Permissions Validation...")
|
|
|
|
os.environ["ENVIRONMENT"] = "production"
|
|
|
|
# Créer un fichier temporaire avec des permissions trop permissives
|
|
with tempfile.NamedTemporaryFile(mode='w', delete=False) as f:
|
|
f.write("test-key-content")
|
|
temp_file = f.name
|
|
|
|
try:
|
|
# Définir des permissions trop permissives
|
|
os.chmod(temp_file, 0o666)
|
|
|
|
os.environ["ENCRYPTION_KEY_FILE"] = temp_file
|
|
os.environ["ENCRYPTION_PASSWORD"] = generate_secure_key(32)
|
|
os.environ["SECRET_KEY"] = generate_secure_key(32)
|
|
|
|
config = get_security_config()
|
|
|
|
# La validation devrait émettre un warning mais pas échouer
|
|
try:
|
|
validate_production_security(config)
|
|
print(" ✓ File permissions warning handled correctly")
|
|
except ProductionSecurityError:
|
|
print(" ❌ File permissions should generate warning, not error")
|
|
raise
|
|
|
|
finally:
|
|
# Nettoyer
|
|
os.unlink(temp_file)
|
|
os.environ.pop("ENCRYPTION_KEY_FILE", None)
|
|
|
|
print("✅ File permissions test passed!")
|
|
|
|
def cleanup_environment():
|
|
"""Nettoie les variables d'environnement de test."""
|
|
test_vars = [
|
|
"ENVIRONMENT",
|
|
"ENCRYPTION_PASSWORD",
|
|
"SECRET_KEY",
|
|
"LOG_SENSITIVE_DATA",
|
|
"STRICT_INPUT_VALIDATION",
|
|
"ENCRYPTION_KEY_FILE"
|
|
]
|
|
|
|
for var in test_vars:
|
|
os.environ.pop(var, None)
|
|
|
|
def main():
|
|
"""Fonction principale de test."""
|
|
print("🎯 RPA Vision V3 - Security Configuration Test")
|
|
print("=" * 60)
|
|
|
|
try:
|
|
# Test 1: Environnement de développement
|
|
test_development_environment()
|
|
print()
|
|
|
|
# Test 2: Validation de sécurité en production
|
|
test_production_security_validation()
|
|
print()
|
|
|
|
# Test 3: Vérification des exigences
|
|
test_security_requirements_check()
|
|
print()
|
|
|
|
# Test 4: Génération de clés
|
|
test_key_generation()
|
|
print()
|
|
|
|
# Test 5: Permissions de fichiers
|
|
test_file_permissions()
|
|
print()
|
|
|
|
print("🎉 All security tests passed!")
|
|
return 0
|
|
|
|
except Exception as e:
|
|
print(f"❌ Test failed: {e}")
|
|
import traceback
|
|
traceback.print_exc()
|
|
return 1
|
|
|
|
finally:
|
|
cleanup_environment()
|
|
|
|
if __name__ == "__main__":
|
|
sys.exit(main()) |