- Add sys import to 29 test files across agent-coordinator, blockchain-event-bridge, blockchain-node, and coordinator-api
- Remove apps/blockchain-event-bridge/tests/test_integration.py (obsolete bridge integration tests)
- Remove apps/coordinator-api/tests/test_integration.py (obsolete API integration tests)
- Implement GPU registration in marketplace_gpu.py with GPURegistry model persistence
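"""
Security tests for database access restrictions.

Tests that database manipulation is not possible without detection.
"""

import os
import stat
# This import previously sat inside the module docstring above, where it was
# plain text and never executed. Nothing in this file references ``sys`` yet;
# presumably it is meant for test path setup — confirm against the sibling
# test files touched by the same change.
import sys
from pathlib import Path

import pytest

from aitbc_chain.database import DatabaseOperationValidator, init_db
from aitbc_chain.config import settings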
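class TestDatabaseSecurity:
    """Test database security measures.

    Two layers are covered: the on-disk permissions of the database file, and
    the ``DatabaseOperationValidator`` policy for both operation names and raw
    query strings.
    """

    def test_database_file_permissions(self):
        """Test that the database file is readable/writable only by its owner.

        A permission test that never inspects a file gives false assurance, so
        the "file does not exist" case is reported as a skip instead of passing
        silently. Group/others are checked for *any* access bit (rwx), not only
        read/write, which is what an owner-only (0o600) mode means.
        """
        if os.name != "posix":
            pytest.skip("POSIX permission bits are not meaningful on this platform")

        # Create the database so there is a file to inspect
        init_db()

        db_path = settings.db_path
        if not db_path.exists():
            pytest.skip(f"no database file at {db_path}; permissions cannot be verified")

        # S_IMODE strips the file-type bits so only the permission bits remain
        perm = stat.S_IMODE(os.stat(db_path).st_mode)

        # Owner must be able to read and write
        assert perm & stat.S_IRUSR, f"owner cannot read the database file: {oct(perm)}"
        assert perm & stat.S_IWUSR, f"owner cannot write the database file: {oct(perm)}"

        # No access of any kind (read, write or execute) for group or others
        assert not (perm & stat.S_IRWXG), f"group has access to the database file: {oct(perm)}"
        assert not (perm & stat.S_IRWXO), f"others have access to the database file: {oct(perm)}"

    def test_operation_validator_allowed_operations(self):
        """Test that the validator permits CRUD operations and refuses schema-destroying ones."""
        validator = DatabaseOperationValidator()

        # Ordinary data operations are permitted
        for operation in ("select", "insert", "update", "delete"):
            assert validator.validate_operation(operation), f"{operation!r} should be allowed"

        # Schema-destroying operations are refused
        for operation in ("drop", "truncate"):
            assert not validator.validate_operation(operation), f"{operation!r} should be blocked"

    def test_operation_validator_dangerous_queries(self):
        """Test that the validator blocks dangerous raw queries and passes benign ones.

        ``DELETE`` and ``UPDATE`` are allowed as operation names (see the test
        above) yet are refused here when they target ``account`` while
        ``UPDATE block ...`` passes, so the query check is expected to be
        table-aware rather than purely keyword-based.
        """
        validator = DatabaseOperationValidator()

        # Dangerous patterns should be blocked
        blocked_queries = (
            'DROP TABLE account',
            'DROP DATABASE',
            'TRUNCATE account',
            'ALTER TABLE account',
            'DELETE FROM account',
            'UPDATE account SET balance',
        )
        for query in blocked_queries:
            assert not validator.validate_query(query), f"should be blocked: {query!r}"

        # Safe queries should pass
        allowed_queries = (
            'SELECT * FROM account',
            'INSERT INTO transaction VALUES',
            'UPDATE block SET height = 1',
        )
        for query in allowed_queries:
            assert validator.validate_query(query), f"should be allowed: {query!r}"

        # NOTE(review): only upper-case, single-spaced statements are exercised
        # here; lower-case keywords, extra whitespace and comment-separated
        # tokens are not covered — confirm the validator normalises input
        # before matching, otherwise these tests say nothing about such inputs.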