azaion/missions
1
0
Fork 0
mirror of https://github.com/azaion/missions.git synced 2026-06-21 23:21:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
24c4561bef0e07660509c2d7933c6ccf90aeef6c
missions/tests/Azaion.Missions.E2E.Tests/Tests/Security/ErrorRedactionTests.cs
T
Oleksandr Bezdieniezhnykh 24c4561bef [AZ-581] [AZ-582] [AZ-583] [AZ-584] Sec+Res NFT tests 
Batch 3 of test implementation cycle 1 (existing-code Step 6).

- AZ-581 AuthClaimsTests: NFT-SEC-01..06+04b (foreign-keypair, byte-flip,
  30s skew, iss/aud/perms, multi-value permissions array).
- AZ-582 CrossCutting/ErrorRedaction/JwksRotation/StartupConfig/CorsConfig:
  NFT-SEC-07..13 (alg pin, kid rotation grace window, env fail-fast, CORS
  Production gate).
- AZ-583 CascadeF3/CascadeF4/MigratorRestart: NFT-RES-01..04. CascadeF4
  pins current walk-order divergence with carry_forward AC-4.6.
- AZ-584 ConfigDbStartup/JwksRotationNoRestart/DefaultVehicleRace:
  NFT-RES-05..08. NFT-RES-08 pins current behaviour (unique-index closes
  the race) with carry_forward AC-1.4.

Mock contract: SignBody accepts permissions OR permissions_array (mutually
exclusive). TokenSigner validates kid_override against published keys so
NFT-SEC-11 can assert "mock refuses old kid post-grace".

Helpers added: ForeignKeypair (test-only ECDSA P-256),
MissionsContainerHelper (docker-run wrapper for startup-time scenarios),
DockerLogs.

7 of 22 new tests are Skippable, gated on COMPOSE_RESTART_ENABLED + docker
CLI in the e2e-consumer image (explicit skip reason; no silent pass).

Build green: test csproj + jwks-mock csproj.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-15 08:58:59 +03:00

91 lines
3.5 KiB
C#
Raw Blame History

using System.Net;
using System.Net.Http.Headers;
using System.Text.Json;
using Azaion.Missions.E2E.Fixtures;
using Azaion.Missions.E2E.Helpers;
using Npgsql;
using Xunit;
namespace Azaion.Missions.E2E.Tests.Security;
/// <summary>
/// NFT-SEC-08 — security-category variant of FT-N-08. Same destructive
/// fixture (DROP TABLE vehicles CASCADE) but emphasises the redaction
/// assertions and the matching log-line presence. Lives in the
/// <c>ErrorEnvelope500</c> collection so xUnit serialises against FT-N-08
/// and the consumer image still uses one round of compose restart for both.
/// Traces: AC-8.6, AC-10.3.
/// </summary>
[Collection("ErrorEnvelope500")]
[Trait("Category", "Sec")]
[Trait("db_access", "seed-or-assert-only")]
public sealed class ErrorRedactionTests : TestBase, IClassFixture<ComposeRestartFixture>
{
private readonly ComposeRestartFixture _restart;
public ErrorRedactionTests(ComposeRestartFixture restart) => _restart = restart;
[SkippableFact]
[Trait("Traces", "AC-8.6,AC-10.3")]
[Trait("max_ms", "5000")]
public async Task NFT_SEC_08_500_body_redacts_internals_and_log_records_exception_type()
{
Skip.IfNot(_restart.Enabled,
"ComposeRestartFixture disabled (COMPOSE_RESTART_ENABLED!=1). " +
"NFT-SEC-08 drops the vehicles table and needs the full stack restart " +
"in teardown.");
// Arrange — DROP TABLE vehicles forces the SUT into the generic
// catch path on /vehicles/{any}.
DbResetFixture.ResetDatabase(TestEnvironment.DbSideChannel);
DropVehiclesTable();
var requestStart = DateTime.UtcNow;
var token = await Tokens.MintDefaultAsync();
try
{
// Act
using var req = new HttpRequestMessage(HttpMethod.Get, $"/vehicles/{Guid.NewGuid()}");
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Jwt);
using var response = await Missions.SendAsync(req);
// Assert — wire-shape is EXACTLY { statusCode, message }; no extra
// keys, no stack-leak keywords anywhere in the JSON DOM.
var problem = await HttpAssertions.AssertProblemEnvelopeAsync(
response, HttpStatusCode.InternalServerError);
Assert.Equal(500, problem.StatusCode);
Assert.Equal("Internal server error", problem.Message);
// The unhandled exception MUST still be logged. The log line
// includes the exception type (Npgsql.PostgresException) so an
// operator can diagnose without the response leaking it.
var deadline = DateTime.UtcNow.AddSeconds(2);
var sawLog = false;
while (DateTime.UtcNow < deadline)
{
if (DockerLogs.Contains("missions-sut", "Unhandled exception", requestStart))
{
sawLog = true;
break;
}
await Task.Delay(100);
}
Assert.True(sawLog,
"expected 'Unhandled exception' in missions-sut docker logs within 2s of request");
}
finally
{
_restart.RestartStack();
}
}
private static void DropVehiclesTable()
{
using var conn = new NpgsqlConnection(TestEnvironment.DbSideChannel);
conn.Open();
using var cmd = conn.CreateCommand();
cmd.CommandText = "DROP TABLE IF EXISTS vehicles CASCADE;";
cmd.ExecuteNonQuery();
}
}
Reference in New Issue View Git Blame Copy Permalink