"""Tests for security configuration models."""

import pytest
from pydantic import ValidationError

from agent_bench.core.config import AppConfig


class TestSecurityConfig:
    """Checks on the ``security`` section of the application config.

    Three things are covered: the values a bare ``AppConfig`` ships with,
    overrides read from a YAML file through ``load_config``, and rejection
    of unrecognised values for the injection action, the PII mode and the
    injection tier names.
    """

    def test_security_config_has_defaults(self):
        """A bare AppConfig enables injection, PII, output and audit controls."""
        security = AppConfig().security

        # Injection guard: on, blocking, with both tiers listed in order.
        injection = security.injection
        assert injection.enabled is True
        assert injection.action == "block"
        assert injection.tiers == ["heuristic", "classifier"]

        # PII handling: on and redacting; use_ner stays off unless configured.
        pii = security.pii
        assert pii.enabled is True
        assert pii.mode == "redact"
        assert "EMAIL" in pii.redact_patterns
        assert pii.use_ner is False

        # Output checks: on, with both sub-checks and an empty blocklist.
        output = security.output
        assert output.enabled is True
        assert output.pii_check is True
        assert output.url_check is True
        assert output.blocklist == []

        # Audit log: on, written to the default relative path.
        audit = security.audit
        assert audit.enabled is True
        assert audit.path == "logs/audit.jsonl"

    def test_security_config_from_yaml(self, tmp_path):
        """Overrides written to a YAML file show up in the loaded config."""
        import yaml
        from agent_bench.core.config import load_config

        overrides = {
            "security": {
                "injection": {"enabled": False, "action": "warn"},
                "pii": {"mode": "passthrough", "use_ner": True},
                "audit": {"path": "custom/audit.jsonl", "max_size_mb": 50},
            }
        }
        target = tmp_path / "test.yaml"
        target.write_text(yaml.dump(overrides))

        security = load_config(path=target).security

        # Each value below is the opposite of (or differs from) what the
        # defaults test pins, so a loader that ignored the file would fail.
        assert security.injection.enabled is False
        assert security.injection.action == "warn"
        assert security.pii.mode == "passthrough"
        assert security.pii.use_ner is True
        assert security.audit.path == "custom/audit.jsonl"
        assert security.audit.max_size_mb == 50

    def test_injection_action_values(self):
        """Each of block, warn and flag is accepted as an injection action."""
        from agent_bench.core.config import InjectionConfig

        for candidate in ("block", "warn", "flag"):
            assert InjectionConfig(action=candidate).action == candidate

    def test_pii_mode_values(self):
        """Each of redact, detect_only and passthrough is accepted as a PII mode."""
        from agent_bench.core.config import PIIConfig

        for candidate in ("redact", "detect_only", "passthrough"):
            assert PIIConfig(mode=candidate).mode == candidate

    def test_injection_action_rejects_invalid(self):
        """An action outside the accepted set fails model validation."""
        from agent_bench.core.config import InjectionConfig

        # "drop" is not one of the three actions exercised above.
        with pytest.raises(ValidationError):
            InjectionConfig(action="drop")

    def test_pii_mode_rejects_invalid(self):
        """A PII mode outside the accepted set fails model validation."""
        from agent_bench.core.config import PIIConfig

        with pytest.raises(ValidationError):
            PIIConfig(mode="whatever")

    def test_invalid_action_in_yaml_rejected(self, tmp_path):
        """A bad injection.action in a YAML file makes load_config raise.

        The point is that a typo in the file surfaces as a ValidationError
        at load time instead of being accepted silently.
        """
        import yaml
        from agent_bench.core.config import load_config

        bad_file = tmp_path / "bad.yaml"
        bad_file.write_text(
            yaml.dump({"security": {"injection": {"action": "yolo"}}})
        )

        with pytest.raises(ValidationError):
            load_config(path=bad_file)

    def test_injection_tier_typo_rejected(self):
        """A misspelled tier name is rejected with an explicit message.

        The intent is that a typo in ``tiers`` fails loudly rather than
        silently disabling detection.
        """
        from agent_bench.core.config import InjectionConfig

        # "heurisitic" is a deliberate misspelling of "heuristic".
        with pytest.raises(ValidationError, match="Invalid injection tier"):
            InjectionConfig(tiers=["heurisitic"])

    def test_injection_tier_valid_values_accepted(self):
        """A heuristic-only tier list is accepted and stored unchanged."""
        from agent_bench.core.config import InjectionConfig

        # NOTE(review): classifier_url is emptied together with dropping the
        # classifier tier; presumably no endpoint is required without that
        # tier -- confirm against InjectionConfig's validators.
        heuristic_only = InjectionConfig(tiers=["heuristic"], classifier_url="")
        assert heuristic_only.tiers == ["heuristic"]