fetch_ml

jfraeysd/fetch_ml

Fork 0

Commit graph

Author	SHA1	Message	Date
Jeremie Fraeys	61660dc925	refactor: co-locate security, storage, telemetry, tracking, worker tests Move unit tests from tests/unit/ to internal/ following Go conventions: Security tests: - tests/unit/security/* -> internal/security/* (audit, config_integrity, filetype, gpu_audit, hipaa_validation, manifest_filename, path_traversal, resource_quota, secrets) Storage tests: - tests/unit/storage/* -> internal/storage/* (db, experiment_metadata) Telemetry tests: - tests/unit/telemetry/* -> internal/telemetry/* (telemetry) Tracking tests: - tests/unit/reproducibility/* -> internal/tracking/* (config_hash, environment_capture) Worker tests: - tests/unit/worker/* -> internal/worker/* (artifacts, config, hash_bench, plugins/jupyter_task, plugins/vllm, prewarm_v1, run_manifest_execution, snapshot_stage, snapshot_store, worker) Update import paths in test files to reflect new locations.	2026-03-12 16:37:03 -04:00
Jeremie Fraeys	b33c6c4878	test(security): Add PHI denylist tests to secrets validation Add comprehensive PHI detection tests: - patient_id rejection - ssn rejection - medical_record_number rejection - diagnosis_code rejection - Mixed secrets with PHI rejection - Normal secrets acceptance (HF_TOKEN, WANDB_API_KEY, etc.) Ensures AllowedSecrets PHI denylist validation works correctly across all PHI pattern variations. Part of: PHI denylist validation from security plan	2026-02-23 19:44:33 -05:00
Jeremie Fraeys	fccced6bb3	test(security): add comprehensive security unit tests Adds 13 security tests across 4 files for hardening verification: Path Traversal Tests (path_traversal_test.go): - TestSecurePathValidator_ValidRelativePath - TestSecurePathValidator_PathTraversalBlocked - TestSecurePathValidator_SymlinkEscape - Tests symlink resolution and path boundary enforcement File Type Validation Tests (filetype_test.go): - TestValidateFileType_AllowedTypes - TestValidateFileType_DangerousTypesBlocked - TestValidateModelFile - Tests magic bytes validation and dangerous extension blocking Secrets Management Tests (secrets_test.go): - TestExpandSecrets_BasicExpansion - TestExpandSecrets_NestedAndMissingVars - TestValidateNoPlaintextSecrets_HeuristicDetection - Tests env variable expansion and plaintext secret detection with entropy Audit Logging Tests (audit_test.go): - TestAuditLogger_ChainIntegrity - TestAuditLogger_VerifyChain - TestAuditLogger_LogFileAccess - TestAuditLogger_Disabled - Tests tamper-evident chain hashing and file access logging	2026-02-23 18:00:45 -05:00

Author

SHA1

Message

Date

Jeremie Fraeys

61660dc925

refactor: co-locate security, storage, telemetry, tracking, worker tests

Move unit tests from tests/unit/ to internal/ following Go conventions:

Security tests:
- tests/unit/security/* -> internal/security/* (audit, config_integrity, filetype, gpu_audit, hipaa_validation, manifest_filename, path_traversal, resource_quota, secrets)

Storage tests:
- tests/unit/storage/* -> internal/storage/* (db, experiment_metadata)

Telemetry tests:
- tests/unit/telemetry/* -> internal/telemetry/* (telemetry)

Tracking tests:
- tests/unit/reproducibility/* -> internal/tracking/* (config_hash, environment_capture)

Worker tests:
- tests/unit/worker/* -> internal/worker/* (artifacts, config, hash_bench, plugins/jupyter_task, plugins/vllm, prewarm_v1, run_manifest_execution, snapshot_stage, snapshot_store, worker)

Update import paths in test files to reflect new locations.

2026-03-12 16:37:03 -04:00

Jeremie Fraeys

b33c6c4878

test(security): Add PHI denylist tests to secrets validation

Add comprehensive PHI detection tests:
- patient_id rejection
- ssn rejection
- medical_record_number rejection
- diagnosis_code rejection
- Mixed secrets with PHI rejection
- Normal secrets acceptance (HF_TOKEN, WANDB_API_KEY, etc.)

Ensures AllowedSecrets PHI denylist validation works correctly
across all PHI pattern variations.

Part of: PHI denylist validation from security plan

2026-02-23 19:44:33 -05:00

Jeremie Fraeys

fccced6bb3

test(security): add comprehensive security unit tests

Adds 13 security tests across 4 files for hardening verification:

**Path Traversal Tests (path_traversal_test.go):**
- TestSecurePathValidator_ValidRelativePath
- TestSecurePathValidator_PathTraversalBlocked
- TestSecurePathValidator_SymlinkEscape
- Tests symlink resolution and path boundary enforcement

**File Type Validation Tests (filetype_test.go):**
- TestValidateFileType_AllowedTypes
- TestValidateFileType_DangerousTypesBlocked
- TestValidateModelFile
- Tests magic bytes validation and dangerous extension blocking

**Secrets Management Tests (secrets_test.go):**
- TestExpandSecrets_BasicExpansion
- TestExpandSecrets_NestedAndMissingVars
- TestValidateNoPlaintextSecrets_HeuristicDetection
- Tests env variable expansion and plaintext secret detection with entropy

**Audit Logging Tests (audit_test.go):**
- TestAuditLogger_ChainIntegrity
- TestAuditLogger_VerifyChain
- TestAuditLogger_LogFileAccess
- TestAuditLogger_Disabled
- Tests tamper-evident chain hashing and file access logging

2026-02-23 18:00:45 -05:00

3 commits