solidprivacy-nl commited on
Commit
b8b3671
·
1 Parent(s): 1534687

Add WP47 local file handling privacy tests

Browse files
tests/test_local_file_handling_privacy.py ADDED
@@ -0,0 +1,136 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ from __future__ import annotations
2
+
3
+ import importlib.util
4
+ import sys
5
+ from pathlib import Path
6
+
7
+
8
+ REPO_ROOT = Path(__file__).resolve().parents[1]
9
+ LAUNCHER_PATH = REPO_ROOT / "scripts" / "run_local_streamlit.py"
10
+ LOCAL_RUN_PATH = REPO_ROOT / "LOCAL_RUN.md"
11
+
12
+ SYNTHETIC_FILENAME = "synthetic_confidential_fixture.txt"
13
+ SYNTHETIC_CONTENT = "SYNTHETIC-BETROKKENE-TEST-LOCAL-001"
14
+
15
+
16
+ def load_launcher_module():
17
+ spec = importlib.util.spec_from_file_location("run_local_streamlit_under_test", LAUNCHER_PATH)
18
+ module = importlib.util.module_from_spec(spec)
19
+ assert spec.loader is not None
20
+ sys.modules[spec.name] = module
21
+ spec.loader.exec_module(module)
22
+ return module
23
+
24
+
25
+ def test_local_launcher_defaults_to_loopback_and_expected_port():
26
+ launcher = load_launcher_module()
27
+
28
+ args = launcher.parse_args([])
29
+
30
+ assert args.address == "127.0.0.1"
31
+ assert args.port == "8501"
32
+
33
+
34
+ def test_local_launcher_streamlit_command_disables_usage_stats_and_has_no_cloud_endpoint(monkeypatch):
35
+ launcher = load_launcher_module()
36
+ commands: list[list[str]] = []
37
+
38
+ def fake_run_checked(command: list[str]) -> None:
39
+ commands.append(command)
40
+
41
+ monkeypatch.setattr(launcher, "run_checked", fake_run_checked)
42
+
43
+ assert launcher.main([]) == 0
44
+
45
+ assert commands[:2] == [
46
+ [sys.executable, "fix_streamlit_nested_expanders.py"],
47
+ [sys.executable, "fix_streamlit_pdf_text_reinsert.py"],
48
+ ]
49
+ streamlit_command = commands[-1]
50
+ command_text = " ".join(streamlit_command).lower()
51
+
52
+ assert streamlit_command[:5] == [sys.executable, "-m", "streamlit", "run", "presidio_streamlit.py"]
53
+ assert streamlit_command[streamlit_command.index("--server.address") + 1] == "127.0.0.1"
54
+ assert streamlit_command[streamlit_command.index("--server.port") + 1] == "8501"
55
+ assert streamlit_command[streamlit_command.index("--server.headless") + 1] == "true"
56
+ assert streamlit_command[streamlit_command.index("--browser.gatherUsageStats") + 1] == "false"
57
+
58
+ forbidden_fragments = [
59
+ "0.0.0.0",
60
+ "huggingface.co",
61
+ "api.openai.com",
62
+ "http://",
63
+ "https://",
64
+ "telemetry",
65
+ "analytics",
66
+ "cloud",
67
+ ]
68
+ assert not any(fragment in command_text for fragment in forbidden_fragments)
69
+
70
+
71
+ def test_launcher_command_does_not_include_document_content_or_file_names(monkeypatch):
72
+ launcher = load_launcher_module()
73
+ commands: list[list[str]] = []
74
+
75
+ def fake_run_checked(command: list[str]) -> None:
76
+ commands.append(command)
77
+
78
+ monkeypatch.setattr(launcher, "run_checked", fake_run_checked)
79
+
80
+ launcher.main(["--port", "8502"])
81
+
82
+ command_text = " ".join(" ".join(command) for command in commands)
83
+ assert SYNTHETIC_FILENAME not in command_text
84
+ assert SYNTHETIC_CONTENT not in command_text
85
+
86
+
87
+ def test_launcher_source_does_not_write_logs_temp_files_or_packaging_behavior():
88
+ source = LAUNCHER_PATH.read_text(encoding="utf-8")
89
+ lowered = source.lower()
90
+
91
+ forbidden_source_fragments = [
92
+ "logging",
93
+ "print(",
94
+ ".write_text",
95
+ ".write_bytes",
96
+ "open(",
97
+ "tempfile",
98
+ "namedtemporaryfile",
99
+ "pyinstaller",
100
+ "tauri",
101
+ "electron",
102
+ "msi",
103
+ "installer",
104
+ ]
105
+ assert not any(fragment in lowered for fragment in forbidden_source_fragments)
106
+
107
+
108
+ def test_local_run_documentation_contains_privacy_boundaries():
109
+ doc = LOCAL_RUN_PATH.read_text(encoding="utf-8")
110
+ lowered = doc.lower()
111
+
112
+ assert "hugging face" in lowered
113
+ assert "do not process confidential real documents" in lowered
114
+ assert "127.0.0.1" in doc
115
+ assert "--browser.gatherUsageStats false" in doc
116
+ assert "no real data" in lowered
117
+ assert "synthetic examples" in lowered
118
+ assert "local-only" in lowered or "local runtime" in lowered
119
+
120
+
121
+ def test_local_run_documentation_covers_temp_runtime_limits_and_no_packaging_claim():
122
+ doc = LOCAL_RUN_PATH.read_text(encoding="utf-8")
123
+ lowered = doc.lower()
124
+
125
+ assert "runtime privacy expectations" in lowered
126
+ assert "should not pass source document content" in lowered
127
+ assert "should not create application-managed temporary files" in lowered
128
+ assert "write document-content logs" in lowered
129
+ assert "does not add ai processing" in lowered
130
+ assert "cloud document processing" in lowered
131
+ assert "does not prove a full offline or network-traffic guarantee" in lowered
132
+ assert "no installer" in lowered
133
+ assert "pyinstaller" in lowered
134
+ assert "tauri" in lowered
135
+ assert "electron" in lowered
136
+ assert "msi" in lowered