test(management): freeze scrubber fragment coverage over DataConnection config types + document array-merge limit (plan R2-07 T12)
This commit is contained in:
@@ -42,4 +42,47 @@ public class ConfigSecretScrubberTests
|
||||
Assert.Contains("\"real\"", merged);
|
||||
Assert.DoesNotContain(ConfigSecretScrubber.Sentinel, merged);
|
||||
}
|
||||
|
||||
// ── arch-review R2 N9: frozen scrubber fragment coverage ───────────────────
|
||||
|
||||
// Frozen non-secret allowlist (arch-review R2 N9), mirroring RequiredRoleMatrixTests:
|
||||
// every string-typed property on the DataConnections config types must EITHER match
|
||||
// the scrubber's secret fragments (it gets elided) OR be listed here after a
|
||||
// deliberate "this is not a secret" decision. A new string property with neither
|
||||
// fails EveryConfigStringProperty_IsScrubbedOrDeliberatelyNonSecret, so a future
|
||||
// "SigningKey"/"Pin" cannot silently leak through List/Get/audit.
|
||||
private static readonly Dictionary<Type, string[]> KnownNonSecretStringProperties = new()
|
||||
{
|
||||
[typeof(ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections.OpcUaEndpointConfig)] = ["EndpointUrl", "SubscriptionDisplayName"],
|
||||
[typeof(ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections.OpcUaUserIdentityConfig)] = ["Username", "CertificatePath"],
|
||||
[typeof(ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections.MxGatewayEndpointConfig)] = ["Endpoint", "ClientName", "CaFile", "ServerName"],
|
||||
[typeof(ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections.OpcUaHeartbeatConfig)] = ["TagPath"],
|
||||
[typeof(ZB.MOM.WW.ScadaBridge.Commons.Types.DataConnections.OpcUaDeadbandConfig)] = [],
|
||||
};
|
||||
|
||||
[Fact]
|
||||
public void EveryConfigStringProperty_IsScrubbedOrDeliberatelyNonSecret()
|
||||
{
|
||||
foreach (var (type, allowlist) in KnownNonSecretStringProperties)
|
||||
{
|
||||
var stringProps = type.GetProperties(System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.Instance)
|
||||
.Where(p => p.PropertyType == typeof(string))
|
||||
.Select(p => p.Name);
|
||||
foreach (var name in stringProps)
|
||||
{
|
||||
var scrubbed = ConfigSecretScrubber.IsSecretName(name);
|
||||
var allowlisted = allowlist.Contains(name);
|
||||
Assert.True(scrubbed ^ allowlisted,
|
||||
$"{type.Name}.{name}: must be EITHER fragment-scrubbed OR explicitly " +
|
||||
"allowlisted as non-secret (and never both) — see arch-review R2 N9.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData("Password")]
|
||||
[InlineData("CertificatePassword")]
|
||||
[InlineData("ApiKey")]
|
||||
public void KnownSecretProperties_MatchTheFragmentList(string name)
|
||||
=> Assert.True(ConfigSecretScrubber.IsSecretName(name));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user