anti
245975a6dd
Auth/session (V2.1.7, V4.1.5, V4.1.6, V2.1.4/V2.1.5): - env secret validation no longer bypassed by attacker-injectable PYTEST* env; gated on explicit DECNET_TESTING=1 (set only in conftest). - must_change_password now enforced on the SSE header-JWT path, not just ticket mint. - GET /system/deployment-mode requires viewer auth (was leaking role + topology size). - CreateUser/ResetUser passwords min_length=12; passwords >72 bytes rejected explicitly instead of bcrypt silently truncating. Swarm ingestion (V9.1.3, BUG-16): - Log listener hard-rejects peers with unparseable/empty cert CN (fail closed, ingests nothing) instead of tagging 'unknown'. - Shutdown handlers no longer swallow real errors (narrowed to CancelledError). Info leakage (V7.1.2, V14.1.2): - Exception text sanitized on swarm-update, health, tarpit, realism, file-drop, blank-topology endpoints (raw tc/docker stderr, DB/Docker errors logged server-side, generic detail returned). pyproject license corrected to AGPL-3.0. Correctness (BUG-12..16): - BUG-12 atomic credential upsert (UNIQUE constraint + IntegrityError retry, consistent principal_key canonicalization). - BUG-13 rule-tail watermark uses >= with seen-id dedup (no same-second drop). - BUG-14 worker wake cleared before wait (no lost wake during tick). - BUG-15 intel gather tolerates an unexpected provider raise. - BUG-16 see above. Already-closed (verified, no change): V2.1.6, V5.1.3, V9.1.2. Accept-risk + documented: V2.1.8 cache window, V3.1.3 idle timeout. Tests added for every fix; unanimous adversarial review after two refute-fix rounds.
48 lines
2.1 KiB
Python
48 lines
2.1 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
Shared pytest configuration.
|
|
|
|
Env vars required by decnet.env must be set here, at module level, before
|
|
any test file imports decnet.* — pytest loads conftest.py first.
|
|
"""
|
|
import os
|
|
import tempfile
|
|
|
|
# Redirect log paths to a user-writable tempdir so unprivileged test runs
|
|
# (CI, local sans-sudo) don't try to mkdir /var/log/decnet.
|
|
_TEST_LOG_DIR = os.path.join(tempfile.gettempdir(), "decnet-tests-logs")
|
|
os.makedirs(_TEST_LOG_DIR, exist_ok=True)
|
|
os.environ.setdefault("DECNET_LOG_FILE", os.path.join(_TEST_LOG_DIR, "decnet.log"))
|
|
os.environ.setdefault("DECNET_INGEST_LOG_FILE", os.path.join(_TEST_LOG_DIR, "decnet.log"))
|
|
os.environ.setdefault("DECNET_AGENT_LOG_FILE", os.path.join(_TEST_LOG_DIR, "agent.log"))
|
|
|
|
# Explicit test-harness flag: tells env._require_env to skip secret-strength
|
|
# validation so the suite can run with weak/short secrets. This is the ONLY
|
|
# bypass — it replaced the old "any PYTEST* var present" fail-open check (V2.1.7).
|
|
os.environ["DECNET_TESTING"] = "1"
|
|
|
|
os.environ["DECNET_JWT_SECRET"] = "stable-test-secret-key-at-least-32-chars-long"
|
|
os.environ["DECNET_ADMIN_PASSWORD"] = "test-password-123"
|
|
os.environ["DECNET_DEVELOPER"] = "true"
|
|
os.environ["DECNET_DEVELOPER_TRACING"] = "false"
|
|
os.environ["DECNET_DB_TYPE"] = "sqlite"
|
|
|
|
# GeoIP enrichment is offline-by-design (RIR delegated-stats) but the
|
|
# first access triggers a background file fetch. Unit tests must never
|
|
# hit the network and don't care about country codes — disable
|
|
# enrichment globally. The geoip-specific tests re-enable it via
|
|
# monkeypatch + a temp DECNET_GEOIP_ROOT.
|
|
os.environ["DECNET_GEOIP_ENABLED"] = "false"
|
|
# Same posture for PTR resolution — tests that cover the resolver
|
|
# re-enable it explicitly via monkeypatch; everyone else gets the
|
|
# short-circuit (returns None without touching socket.gethostbyaddr).
|
|
os.environ["DECNET_PTR_ENABLED"] = "false"
|
|
|
|
import pytest
|
|
from typing import Any
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def standardize_auth_secret(monkeypatch: Any) -> None:
|
|
import decnet.web.auth
|
|
monkeypatch.setattr(decnet.web.auth, "SECRET_KEY", os.environ["DECNET_JWT_SECRET"])
|