Claude committed on
test(rename): de-sprint tests/security (9 files, git mv)
- docs/explanation/architecture.md +10 -10
- docs/migration/option_b_test_inventory.md +1 -1
- tests/security/{test_sprint_a14_s20_corpus_service.py → test_corpus_service.py} +0 -0
- tests/security/{test_s1_csrf_required.py → test_csrf_required.py} +0 -0
- tests/security/{test_sprint_a14_s1_path_validation.py → test_path_validation.py} +0 -0
- tests/security/{test_s8_security_helpers.py → test_security_helpers.py} +0 -0
- tests/security/{test_s1_ssrf_attack.py → test_ssrf_attack.py} +0 -0
- tests/security/{test_sprint_a14_s19_workspace_manager.py → test_workspace_manager.py} +0 -0
- tests/security/{test_s1_xss_in_reports.py → test_xss_in_reports.py} +0 -0
- tests/security/{test_s1_xxe_attack.py → test_xxe_attack.py} +0 -0
- tests/security/{test_s1_zip_slip_attack.py → test_zip_slip_attack.py} +0 -0
docs/explanation/architecture.md
CHANGED
|
@@ -72,7 +72,7 @@ normalisé. Dépend du domain ; aucune logique d'évaluation.
|
|
| 72 |
Le parser XML interne (`_xml_utils.safe_parse_xml`) délègue à
|
| 73 |
`defusedxml` avec `forbid_dtd=True`, bloquant XXE, Billion Laughs
|
| 74 |
et déclarations `<!DOCTYPE>`. Les défenses sont verrouillées par
|
| 75 |
-
`tests/security/
|
| 76 |
|
| 77 |
### `picarones/evaluation/` — moteurs d'évaluation
|
| 78 |
|
|
@@ -130,7 +130,7 @@ produit un artefact texte que `evaluation/` consommera).
|
|
| 130 |
**Anti-SSRF** : `corpus/_http.py:validate_http_url` refuse
|
| 131 |
loopback, lien-local, RFC 1918, métadonnées cloud (AWS
|
| 132 |
`169.254.169.254`, GCP `metadata.google.internal`). Verrouillé par
|
| 133 |
-
`tests/security/
|
| 134 |
|
| 135 |
### `picarones/app/` — services applicatifs
|
| 136 |
|
|
@@ -153,7 +153,7 @@ Orchestration entre adapters et evaluation.
|
|
| 153 |
**Anti ZIP slip** : `corpus_service._extract_safely` rejette les
|
| 154 |
chemins absolus, `..`, octets nuls, symlinks ZIP entries
|
| 155 |
(mode UNIX 0xA000), avec garde-fou final `target.resolve().relative_to(extract_dir)`.
|
| 156 |
-
Verrouillé par `tests/security/
|
| 157 |
|
| 158 |
### `picarones/reports/` — rendu déterministe
|
| 159 |
|
|
@@ -176,7 +176,7 @@ citer.
|
|
| 176 |
helper `_safe_json_for_script_tag` qui encode `<>&` en
|
| 177 |
`<>&` pour le JSON injecté dans
|
| 178 |
`<script type="application/json">`. Verrouillé par
|
| 179 |
-
`tests/security/
|
| 180 |
|
| 181 |
### `picarones/interfaces/` — points d'entrée user-facing
|
| 182 |
|
|
@@ -187,7 +187,7 @@ helper `_safe_json_for_script_tag` qui encode `<>&` en
|
|
| 187 |
|
| 188 |
**Anti-CSRF** : middleware `csrf_middleware` actif si
|
| 189 |
`PICARONES_CSRF_REQUIRED=1`. Pattern double-submit cookie + HMAC
|
| 190 |
-
signature. Verrouillé par `tests/security/
|
| 191 |
|
| 192 |
## Principes architecturaux
|
| 193 |
|
|
@@ -229,11 +229,11 @@ de code humaine raterait :
|
|
| 229 |
Sprint S1 a ajouté 63 tests d'attaque qui verrouillent les
|
| 230 |
défenses revendiquées :
|
| 231 |
|
| 232 |
-
- `tests/security/
|
| 233 |
-
- `tests/security/
|
| 234 |
-
- `tests/security/
|
| 235 |
-
- `tests/security/
|
| 236 |
-
- `tests/security/
|
| 237 |
|
| 238 |
### Reproductibilité bit-for-bit
|
| 239 |
|
|
|
|
| 72 |
Le parser XML interne (`_xml_utils.safe_parse_xml`) délègue à
|
| 73 |
`defusedxml` avec `forbid_dtd=True`, bloquant XXE, Billion Laughs
|
| 74 |
et déclarations `<!DOCTYPE>`. Les défenses sont verrouillées par
|
| 75 |
+
`tests/security/test_xxe_attack.py` (Sprint S1.4).
|
| 76 |
|
| 77 |
### `picarones/evaluation/` — moteurs d'évaluation
|
| 78 |
|
|
|
|
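Review bot: the sprint annotation is kept inconsistently across this commit: line 75 keeps `(Sprint S1.4)`, and the SSRF and XSS paragraphs keep `(Sprint S1.6)` and `(Sprint S1.1)`, while the ZIP-slip and CSRF paragraphs drop the annotation entirely. Since the point of the rename is to stop encoding sprint numbers in file names, either keep the sprint provenance in all five paragraphs or drop it from all of them, so that a reader does not wonder whether the omissions are meaningful.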
| 130 |
**Anti-SSRF** : `corpus/_http.py:validate_http_url` refuse
|
| 131 |
loopback, lien-local, RFC 1918, métadonnées cloud (AWS
|
| 132 |
`169.254.169.254`, GCP `metadata.google.internal`). Verrouillé par
|
| 133 |
+
`tests/security/test_ssrf_attack.py` (Sprint S1.6).
|
| 134 |
|
| 135 |
### `picarones/app/` — services applicatifs
|
| 136 |
|
|
|
|
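Review bot: line 132 lists the GCP metadata endpoint by hostname (`metadata.google.internal`) next to the AWS address `169.254.169.254`. Blocking a literal address and blocking a hostname are different checks, so the paragraph should state whether `validate_http_url` also validates the address the name resolves to (and re-validates after redirects); otherwise a name resolving into a blocked range is not covered by the filter as documented. The renamed test reference on line 133 is fine.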
| 153 |
**Anti ZIP slip** : `corpus_service._extract_safely` rejette les
|
| 154 |
chemins absolus, `..`, octets nuls, symlinks ZIP entries
|
| 155 |
(mode UNIX 0xA000), avec garde-fou final `target.resolve().relative_to(extract_dir)`.
|
| 156 |
+
Verrouillé par `tests/security/test_zip_slip_attack.py`.
|
| 157 |
|
| 158 |
### `picarones/reports/` — rendu déterministe
|
| 159 |
|
|
|
|
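Review bot: line 155 documents the final guard as `target.resolve().relative_to(extract_dir)`; confirm that `extract_dir` is itself resolved before the comparison. If `extract_dir` contains a symlink component, `target.resolve()` yields the real path and `relative_to` raises for every legitimate entry, and if it does not, the doc should say so, because the guard's contract (real path of the entry must stay under the real path of the extraction directory) is what the symlink-entry rejection on line 154 relies on.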
| 176 |
helper `_safe_json_for_script_tag` qui encode `<>&` en
|
| 177 |
`<>&` pour le JSON injecté dans
|
| 178 |
`<script type="application/json">`. Verrouillé par
|
| 179 |
+
`tests/security/test_xss_in_reports.py` (Sprint S1.1).
|
| 180 |
|
| 181 |
### `picarones/interfaces/` — points d'entrée user-facing
|
| 182 |
|
|
|
|
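Review bot: lines 176-177 now read "encodes `<>&` as `<>&`", so source and replacement look identical and the escaped form the helper actually emits has been lost (the entity or `\uXXXX` escapes were most likely interpreted when the Markdown was rendered). Spell the replacement out in a way that survives rendering, for instance inside a code span with the backslashes or ampersands doubled, otherwise the paragraph no longer documents what `_safe_json_for_script_tag` does. The renamed test reference on line 179 is fine.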
| 187 |
|
| 188 |
**Anti-CSRF** : middleware `csrf_middleware` actif si
|
| 189 |
`PICARONES_CSRF_REQUIRED=1`. Pattern double-submit cookie + HMAC
|
| 190 |
+
signature. Verrouillé par `tests/security/test_csrf_required.py`.
|
| 191 |
|
| 192 |
## Principes architecturaux
|
| 193 |
|
|
|
|
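Review bot: line 188 says `csrf_middleware` is active only when `PICARONES_CSRF_REQUIRED=1`, but the paragraph never states the default. Opt-in CSRF protection is easy to leave off in a deployment, so state the default posture here and make sure `tests/security/test_csrf_required.py` covers the unset case explicitly, so that the documented opt-in behaviour is itself pinned by a test rather than only by the environment variable's name.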
| 229 |
Sprint S1 a ajouté 63 tests d'attaque qui verrouillent les
|
| 230 |
défenses revendiquées :
|
| 231 |
|
| 232 |
+
- `tests/security/test_xss_in_reports.py` (5) — autoescape Jinja2 + escape JSON.
|
| 233 |
+
- `tests/security/test_xxe_attack.py` (9) — XXE / Billion Laughs / DTD.
|
| 234 |
+
- `tests/security/test_zip_slip_attack.py` (9) — ZIP slip + symlinks.
|
| 235 |
+
- `tests/security/test_ssrf_attack.py` (26) — loopback, RFC 1918, métadonnées cloud.
|
| 236 |
+
- `tests/security/test_csrf_required.py` (14) — double-submit + HMAC.
|
| 237 |
|
| 238 |
### Reproductibilité bit-for-bit
|
| 239 |
|
docs/migration/option_b_test_inventory.md
CHANGED
|
@@ -60,7 +60,7 @@ fait dans une fixture partagée.
|
|
| 60 |
| B11 | `tests/integration/test_importer_fallback_wiring.py` | Fallback importer. Test d'intégration. |
|
| 61 |
| B12 | `tests/integration/test_s5_disk_full_simulation.py` | Disque plein. |
|
| 62 |
| B13 | `tests/security/test_phase1_post_rewrite_wiring.py` | Sécurité post-rewrite. |
|
| 63 |
-
| B14 | `tests/security/
|
| 64 |
| B15 | `tests/test_minimal_install.py` | Installation minimale (smoke test). |
|
| 65 |
| B16 | `tests/web/test_ux_save_compare.py` | UX save/compare web. |
|
| 66 |
|
|
|
|
| 60 |
| B11 | `tests/integration/test_importer_fallback_wiring.py` | Fallback importer. Test d'intégration. |
|
| 61 |
| B12 | `tests/integration/test_s5_disk_full_simulation.py` | Disque plein. |
|
| 62 |
| B13 | `tests/security/test_phase1_post_rewrite_wiring.py` | Sécurité post-rewrite. |
|
| 63 |
+
| B14 | `tests/security/test_xss_in_reports.py` | XSS dans rapports. |
|
| 64 |
| B15 | `tests/test_minimal_install.py` | Installation minimale (smoke test). |
|
| 65 |
| B16 | `tests/web/test_ux_save_compare.py` | UX save/compare web. |
|
| 66 |
|
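Review bot: this hunk only updates B14 (`test_xss_in_reports.py`), yet the commit renames nine files. If any of the other eight (`test_csrf_required.py`, `test_ssrf_attack.py`, `test_xxe_attack.py`, `test_zip_slip_attack.py`, `test_corpus_service.py`, `test_path_validation.py`, `test_security_helpers.py`, `test_workspace_manager.py`) are referenced elsewhere under their old names (this inventory, CI configuration, pytest selection lists, other docs), those references are now stale. A grep for `test_s1_`, `test_s8_` and `test_sprint_a14_` across the repository should come back empty before this is merged.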
tests/security/{test_sprint_a14_s20_corpus_service.py → test_corpus_service.py}
RENAMED
|
File without changes
|
tests/security/{test_s1_csrf_required.py → test_csrf_required.py}
RENAMED
|
File without changes
|
tests/security/{test_sprint_a14_s1_path_validation.py → test_path_validation.py}
RENAMED
|
File without changes
|
tests/security/{test_s8_security_helpers.py → test_security_helpers.py}
RENAMED
|
File without changes
|
tests/security/{test_s1_ssrf_attack.py → test_ssrf_attack.py}
RENAMED
|
File without changes
|
tests/security/{test_sprint_a14_s19_workspace_manager.py → test_workspace_manager.py}
RENAMED
|
File without changes
|
tests/security/{test_s1_xss_in_reports.py → test_xss_in_reports.py}
RENAMED
|
File without changes
|
tests/security/{test_s1_xxe_attack.py → test_xxe_attack.py}
RENAMED
|
File without changes
|
tests/security/{test_s1_zip_slip_attack.py → test_zip_slip_attack.py}
RENAMED
|
File without changes
|