Add comprehensive security tests for injection, input validation, rate limiting, security headers, and error responses #5
Merged
Add comprehensive security tests for injection, input validation, rate limiting, security headers, and error responses

- Implement tests for various injection vulnerabilities including SQL, command, header, NoSQL, and XSS.
- Create input validation tests covering boundary conditions, type validation, size limits, and malformed input handling.
- Introduce rate limiting tests to ensure proper enforcement and behavior under concurrent requests.
- Add tests for security headers to verify presence and correct configuration.
- Ensure error responses do not leak sensitive information and are consistent across different scenarios.
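The three response-level checks in that commit message (headers present and correctly configured, rate limit enforced per client, error bodies free of internal detail) are the kind of thing that is worth writing as reusable checkers rather than one-off asserts. The block below is an added example, not the pull request's own tests: `StandInApp` is a constructed stand-in for the service, and the header policy, the limit of `LIMIT` requests per client and the leak patterns are assumptions chosen for the example.

```python
"""Checkers for security headers, rate limiting and error-body leakage.

Added example, not code from the pull request. `StandInApp` is a constructed
stand-in for the service under test; the header policy, the per-client limit
and the leak patterns are assumptions for the example.
"""
import re
from collections import defaultdict

LIMIT = 5  # requests per client per window (assumed)

# None = header must be present with any value; str = exact value required;
# compiled regex = value must match.
REQUIRED_HEADERS = {
    "Content-Security-Policy": None,
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": re.compile(r"max-age=\d{6,}"),  # >= 100000 s
}

# Fragments that should never reach a client in an error body.
LEAK_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),
    re.compile(r'File "/[^"]+\.py", line \d+'),
    re.compile(r"\b(sqlite3|psycopg2|pymysql)\.\w*Error\b"),
    re.compile(r"/(?:home|usr|var|etc)/\S+"),
]


def check_security_headers(headers):
    """Return the problems found in one response's headers ([] means pass)."""
    problems = []
    for name, expected in REQUIRED_HEADERS.items():
        value = headers.get(name)
        if value is None:
            problems.append(f"missing {name}")
        elif isinstance(expected, str) and value != expected:
            problems.append(f"bad {name}")
        elif hasattr(expected, "search") and not expected.search(value):
            problems.append(f"bad {name}")
    return problems


def find_leaks(body):
    """Return the leak patterns that match an error body ([] means clean)."""
    return [p.pattern for p in LEAK_PATTERNS if p.search(body)]


class StandInApp:
    """Constructed stand-in for the service: fixed-window limit, generic errors."""

    HEADERS = {
        "Content-Security-Policy": "default-src 'none'",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }

    def __init__(self):
        self.hits = defaultdict(int)

    def handle(self, client_ip, body):
        """Return (status, headers, body); every branch carries the same headers."""
        self.hits[client_ip] += 1
        if self.hits[client_ip] > LIMIT:
            return 429, {**self.HEADERS, "Retry-After": "60"}, '{"error":"rate limited"}'
        if len(body) > 1024:
            return 413, dict(self.HEADERS), '{"error":"payload too large"}'
        return 200, dict(self.HEADERS), '{"ok":true}'


def burst(app, client_ip, n):
    """Send n requests from one client and return the status codes in order."""
    return [app.handle(client_ip, "{}")[0] for _ in range(n)]


def test_rate_limit_enforced_per_client():
    app = StandInApp()
    statuses = burst(app, "10.0.0.1", LIMIT + 1)
    assert statuses[:LIMIT] == [200] * LIMIT and statuses[-1] == 429
    assert app.handle("10.0.0.2", "{}")[0] == 200  # other clients unaffected
    return statuses


def test_headers_on_success_and_error():
    """Error responses must carry the same headers as successful ones."""
    app = StandInApp()
    results = {}
    for body in ("{}", "x" * 2048):
        status, headers, _ = app.handle("10.0.0.3", body)
        results[status] = check_security_headers(headers)
    assert all(problems == [] for problems in results.values())
    return results


def test_error_body_does_not_leak():
    app = StandInApp()
    status, _, body = app.handle("10.0.0.4", "x" * 2048)
    assert status == 413 and find_leaks(body) == []
    return status
```

`find_leaks` is deliberately pattern-based so the same checker can be pointed at every error path (400, 404, 413, 429, 500); a constructed leaky body such as a Python traceback quoting a `.py` path and a `sqlite3.OperationalError` trips three of the four patterns, while the stand-in's generic bodies trip none.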
- Simplified assertion messages in various security tests to enhance clarity.
- Consolidated multiline assertions into single-line formats where applicable.
- Ensured consistent formatting across test cases for better maintainability.
- Added new event types for authorization success and failure in audit_events.py.
- Extended TokenRequest and TokenResponse models to include role for RBAC.
- Modified create_access_token function to accept role parameter.
- Updated obtain_token endpoint to handle role assignment.
- Integrated RBAC checks in contacts, telemetry, and weather routers using require_permission.
- Created rbac.py for RBAC logic and role-permission mapping.
- Defined roles and permissions in rbac_roles.py.
- Added comprehensive tests for RBAC functionality, including integration tests for endpoint access based on roles.
- Documented RBAC implementation and usage in AUTHORIZATION.md.
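The design sketched in that commit (the role is bound into the access token, `require_permission` guards each router, and every decision is written to the audit log as a success or failure event) can be shown end to end without a web framework. The block below is an added example and not the project's `rbac.py` or `rbac_roles.py`: the roles, permissions, role-to-permission table, HMAC-signed token format (a JWT library would normally be used instead) and audit event names are all assumptions for the illustration.

```python
"""Role-based access control with audit events.

Added example, not the project's rbac.py / rbac_roles.py. Roles, permissions,
the role->permission table, the token format and the audit event names are
assumptions chosen to illustrate require_permission / create_access_token(role).
"""
import base64, hashlib, hmac, json
from enum import Enum
from functools import wraps

SECRET = b"example-key-rotate-me"  # assumed; load from a secret store in practice


class Permission(str, Enum):
    CONTACTS_READ = "contacts:read"
    CONTACTS_WRITE = "contacts:write"
    TELEMETRY_READ = "telemetry:read"
    WEATHER_READ = "weather:read"


class Role(str, Enum):
    VIEWER = "viewer"
    OPERATOR = "operator"
    ADMIN = "admin"


# Single source of truth for what each role may do (assumed mapping).
ROLE_PERMISSIONS = {
    Role.VIEWER: {Permission.WEATHER_READ},
    Role.OPERATOR: {Permission.WEATHER_READ, Permission.TELEMETRY_READ, Permission.CONTACTS_READ},
    Role.ADMIN: set(Permission),
}

AUDIT_LOG = []  # stand-in for the audit_events sink


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def create_access_token(subject: str, role: Role) -> str:
    """Sign the role into the token so the client cannot change it."""
    payload = _b64(json.dumps({"sub": subject, "role": role.value}, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def verify_access_token(token: str) -> dict:
    """Check the signature first, then parse; unknown roles are rejected."""
    payload, _, sig = token.partition(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    if not sig or not hmac.compare_digest(_unb64(sig), expected):
        raise PermissionError("invalid token signature")
    claims = json.loads(_unb64(payload))
    claims["role"] = Role(claims["role"])  # ValueError for a role not in the enum
    return claims


def _audit(event, permission, claims=None, reason=None):
    AUDIT_LOG.append({"event": event, "permission": permission.value,
                      "sub": claims["sub"] if claims else None,
                      "role": claims["role"].value if claims else None, "reason": reason})


def require_permission(permission: Permission):
    """Decorator: verifies the token, checks the role, logs the decision."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(token: str, *args, **kwargs):
            try:
                claims = verify_access_token(token)
            except (PermissionError, ValueError, KeyError):
                _audit("authorization_failure", permission, reason="invalid_token")
                raise PermissionError("authentication required")
            if permission not in ROLE_PERMISSIONS[claims["role"]]:
                _audit("authorization_failure", permission, claims, "missing_permission")
                raise PermissionError(f"{claims['role'].value} lacks {permission.value}")
            _audit("authorization_success", permission, claims)
            return handler(claims, *args, **kwargs)
        return wrapper
    return decorator


@require_permission(Permission.CONTACTS_WRITE)
def update_contact(principal, contact_id, data):
    return {"updated": contact_id, "by": principal["sub"]}


def demo():
    """Allowed call, denied call, and a token whose role was edited without re-signing."""
    AUDIT_LOG.clear()
    admin, viewer = create_access_token("alice", Role.ADMIN), create_access_token("bob", Role.VIEWER)
    ok = update_contact(admin, 7, {"name": "x"})
    denied = forged = None
    try:
        update_contact(viewer, 7, {})
    except PermissionError as e:
        denied = str(e)
    payload, _, sig = viewer.partition(".")
    tampered = json.loads(_unb64(payload)); tampered["role"] = "admin"
    forged_token = _b64(json.dumps(tampered, separators=(",", ":")).encode()) + "." + sig
    try:
        update_contact(forged_token, 7, {})
    except PermissionError as e:
        forged = str(e)
    return ok, denied, forged, [e["event"] for e in AUDIT_LOG]
```

Two points the example is built around: the permission check happens only after the signature check, so a client cannot promote itself by editing the role claim, and the failure event distinguishes an invalid token from a valid token with an insufficient role, which is what an analyst needs when reading the audit trail.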
…role-based access control (RBAC) with 5 roles and 7 permissions, updated unit tests and authorization events in the audit logs.
- Implement Horizontal Pod Autoscaler for gateway service with CPU and memory utilization metrics.
- Create Ingress resource with security headers, rate limiting, and mTLS support.
- Add Namespace template with optional Pod Security Standards labels.
- Define Network Policies for default deny, gateway ingress/egress, and internal services.
- Establish Pod Disruption Budgets for gateway, telemetry, weather, and contacts services.
- Configure RBAC with an empty Role and RoleBinding for least privilege access.
- Set up Secrets management with options for direct creation or external secrets integration.
- Define ClusterIP Services for gateway and internal services (telemetry, weather, contacts).
- Create ServiceMonitor for Prometheus integration.
- Implement health check tests for all services.
- Add environment-specific values for development, staging, and production.
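The network policy layering named in that commit (default deny, then a gateway policy for ingress and egress, then a policy for the internal services) is easiest to review as plain manifests. The following is an added example, not the chart's own templates: the `app` namespace, the `app.kubernetes.io/name` labels, the `ingress-nginx` controller namespace and the gateway port 8080 are assumptions; the default-deny object is the generic Kubernetes form.

```yaml
# Added example, not the chart's templates. Namespace, labels, controller
# namespace and port are assumptions.
#
# 1. Default deny: selects every pod in the namespace and allows nothing in
#    either direction. Everything below is an explicit exception to this.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: app
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2. Gateway: accept traffic only from the ingress controller's namespace,
#    and reach only the internal services and cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gateway
  namespace: app
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: gateway
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - podSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values: [telemetry, weather, contacts]
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. Internal services: accept connections only from the gateway pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-from-gateway
  namespace: app
spec:
  podSelector:
    matchExpressions:
      - key: app.kubernetes.io/name
        operator: In
        values: [telemetry, weather, contacts]
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: gateway
```

Two caveats when reviewing policies like these: NetworkPolicy objects are only enforced if the cluster's CNI plugin implements them (on a CNI that does not, they are accepted and silently ignored), and once egress is restricted the DNS rule is mandatory, since without it the gateway cannot resolve the internal service names at all.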