5d9415bb9f
Unit (SQLite, pure logic): - test_templating.py: Jinja2 sandbox, regex_extract, strict-undefined, sandbox blocks attribute-access escape, output blob 10 MB cap. - test_password.py: bcrypt hash + verify, empty / malformed handling. - test_soc_token.py: 256-bit url-safe token + bcrypt verification. - test_rbac_matrix.py: F11 invariants (lead ⊇ operator, SOC restricted to detection + report-read, audit_read & ttp_promote lead-only). - test_connector_factory.py: register / build / double-register-rejected, TaskStatus terminal helper, Mythic mapping vs empty Home mapping. - test_audit_hash.py: SHA-256 chain helper is deterministic and reacts to prev_hash / metadata changes. Integration scaffold (testcontainers Postgres): - tests/integration/conftest.py spins up postgres:16-alpine, monkeypatches MIMIC_DATABASE_URL, creates a Flask app + db.create_all. - test_healthz.py: end-to-end smoke through the Flask test client. 38 unit tests pass; ruff clean.
65 lines
1.6 KiB
Python
65 lines
1.6 KiB
Python
"""Audit log hash-chain helper tests (pure function, no DB)."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from datetime import UTC, datetime
|
|
from uuid import uuid4
|
|
|
|
from mimic.audit.log import audit_hash
|
|
|
|
|
|
def test_hash_changes_with_metadata() -> None:
|
|
ts = datetime(2026, 5, 21, 12, 0, tzinfo=UTC)
|
|
actor = uuid4()
|
|
base = {
|
|
"prev_hash": None,
|
|
"ts": ts,
|
|
"actor_id": actor,
|
|
"action": "ttp.create",
|
|
"resource_type": "ttp",
|
|
"resource_id": "t-1",
|
|
"metadata": {"name": "whoami"},
|
|
}
|
|
h1 = audit_hash(**base)
|
|
h2 = audit_hash(**{**base, "metadata": {"name": "whoami2"}})
|
|
assert h1 != h2
|
|
assert len(h1) == 64
|
|
assert all(c in "0123456789abcdef" for c in h1)
|
|
|
|
|
|
def test_hash_changes_with_prev_hash() -> None:
|
|
ts = datetime(2026, 5, 21, 12, 0, tzinfo=UTC)
|
|
h_no_prev = audit_hash(
|
|
prev_hash=None,
|
|
ts=ts,
|
|
actor_id=None,
|
|
action="x",
|
|
resource_type="r",
|
|
resource_id="1",
|
|
metadata={},
|
|
)
|
|
h_with_prev = audit_hash(
|
|
prev_hash="abc",
|
|
ts=ts,
|
|
actor_id=None,
|
|
action="x",
|
|
resource_type="r",
|
|
resource_id="1",
|
|
metadata={},
|
|
)
|
|
assert h_no_prev != h_with_prev
|
|
|
|
|
|
def test_hash_stable_for_same_input() -> None:
|
|
ts = datetime(2026, 5, 21, 12, 0, tzinfo=UTC)
|
|
base = {
|
|
"prev_hash": "aa",
|
|
"ts": ts,
|
|
"actor_id": None,
|
|
"action": "x",
|
|
"resource_type": "r",
|
|
"resource_id": "1",
|
|
"metadata": {"k": "v"},
|
|
}
|
|
assert audit_hash(**base) == audit_hash(**base)
|